CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-3092 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims.
CVSS: HIGH (8.7) EPSS Score: 0.49% SSVC Exploitation: poc
May 22nd, 2025 (25 days ago)
|
|
CVE-2024-2829 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.5 before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. A crafted wildcard filter in FileFinder may lead to a denial of service.
CVSS: HIGH (7.5) EPSS Score: 2.67% SSVC Exploitation: none
May 22nd, 2025 (25 days ago)
|
|
CVE-2024-2434 |
Description: An issue has been discovered in GitLab affecting all versions of GitLab CE/EE 16.9 prior to 16.9.6, 16.10 prior to 16.10.4, and 16.11 prior to 16.11.1 where path traversal could lead to DoS and restricted file read.
CVSS: HIGH (8.5) EPSS Score: 3.03% SSVC Exploitation: none
May 22nd, 2025 (25 days ago)
|
|
CVE-2024-2279 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.7 to 16.8.6 all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. Using the autocomplete for issues references feature a crafted payload may lead to a stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.
CVSS: HIGH (8.7) EPSS Score: 0.49% SSVC Exploitation: None
May 22nd, 2025 (25 days ago)
|
|
CVE-2024-1451 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims."
CVSS: HIGH (8.7) EPSS Score: 31.3% SSVC Exploitation: none
May 22nd, 2025 (25 days ago)
|
|
CVE-2024-0410 |
Description: An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.
CVSS: HIGH (7.7) EPSS Score: 0.01% SSVC Exploitation: none
May 22nd, 2025 (25 days ago)
|
|
CVE-2025-47947 |
Description: ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload's content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 21st, 2025 (25 days ago)
|
|
CVE-2025-34025 |
Description: The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
CVSS: HIGH (8.6) EPSS Score: 0.05%
May 21st, 2025 (25 days ago)
|
|
CVE-2025-5057 |
Description: A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Eine kritische Schwachstelle wurde in Campcodes Online Shopping Portal 1.0 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /admin/insert-product.php. Durch Manipulieren des Arguments Category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 21st, 2025 (25 days ago)
|
|
CVE-2025-5056 |
Description: A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In Campcodes Online Shopping Portal 1.0 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/edit-products.php. Durch das Manipulieren des Arguments Category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.03%
May 21st, 2025 (25 days ago)
|