CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-25006 |
Description: XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.
CVSS: HIGH (8.1) EPSS Score: 0.3% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-23513 |
Description: Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5.
CVSS: HIGH (8.7) EPSS Score: 0.31% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-23512 |
Description: Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.
CVSS: HIGH (8.7) EPSS Score: 0.22% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-22228 |
Description:
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVSS: HIGH (7.8) EPSS Score: 0.17% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-22227 |
Description:
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.
CVSS: HIGH (7.8) EPSS Score: 0.2% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-22225 |
Description:
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
CVSS: HIGH (7.8) EPSS Score: 0.16% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-22224 |
Description:
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVSS: HIGH (7.8) EPSS Score: 0.17% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-22223 |
Description:
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
CVSS: HIGH (7.8) EPSS Score: 0.13% SSVC Exploitation: none
May 7th, 2025 (about 1 month ago)
|
|
CVE-2024-0566 |
Description: The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVSS: HIGH (7.2) EPSS Score: 1.33% SSVC Exploitation: poc
May 7th, 2025 (about 1 month ago)
|
|
CVE-2025-30147 |
Description: Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto's bn254 implementation, as the former implementation used a library which was no longer maintained and not sufficiently performant. The new gnark implementation was initially added in version 0.9.0 of besu-native but was not utilized by Besu until version 0.9.2 in Besu 24.7.1. The issue is that there are EC points which may be crafted which are in the correct subgroup but are not on the curve and the besu-native gnark implementation was relying on subgroup checks to perform point-on-curve checks as well. The version of gnark-crypto used at the time did not do this check when performing subgroup checks. The result is that it was possible for Besu to give an incorrect result and fall out of consensus when executing one of these precompiles against a specially crafted input point. Additionally, homogenous Besu-only networks can potentially enshrine invalid state which would be incorrect and difficult to process with patched versions of besu which handle these calls correctly. The underlying defect has been patched in besu-native release 1.3.0. The fixed version ...
CVSS: HIGH (8.7) EPSS Score: 0.02%
May 7th, 2025 (about 1 month ago)
|