CVE-2024-24350 |
Description: File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.
CVSS: HIGH (8.8) EPSS Score: 1.39% SSVC Exploitation: poc
May 8th, 2025 (about 1 month ago)
|
CVE-2024-20255 |
Description: A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.
CVSS: HIGH (8.2) EPSS Score: 0.74% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|
CVE-2025-4098 |
Description: Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.
CVSS: HIGH (8.4) EPSS Score: 0.02%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-1948 |
Description: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE.
The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 8th, 2025 (about 1 month ago)
|
CVE-2024-13009 |
Description: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
CVSS: HIGH (7.2) EPSS Score: 0.04%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-45843 |
Description: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
CVSS: HIGH (8.8) EPSS Score: 0.08%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-26842 |
Description: An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 8th, 2025 (about 1 month ago)
|
CVE-2024-24697 |
Description: Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS: HIGH (7.2) EPSS Score: 0.04% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|
CVE-2024-1354 |
Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS: HIGH (8.0) EPSS Score: 0.26% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|
CVE-2024-0568 |
Description: CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.
CVSS: HIGH (8.8) EPSS Score: 0.16% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|