CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-2469 |
Description: An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS: HIGH (8.0) EPSS Score: 0.63% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
|
CVE-2024-1685 |
Description: The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS: HIGH (8.8) EPSS Score: 0.56% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
|
CVE-2025-29915 |
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. The AF_PACKET defrag option is enabled by default and allows AF_PACKET to re-assemble fragmented packets before reaching Suricata. However the default packet size in Suricata is based on the network interface MTU which leads to Suricata seeing truncated packets. Upgrade to Suricata 7.0.9, which uses better defaults and adds warnings for user configurations that may lead to issues.
CVSS: HIGH (7.5) EPSS Score: 0.02%
April 10th, 2025 (3 months ago)
|
|
CVE-2024-25699 |
Description: There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software.
CVSS: HIGH (8.5) EPSS Score: 0.37% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
|
CVE-2024-25695 |
Description: There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input that is not sanitized properly and is rendered in error messages. The are no privileges required to execute this attack.
CVSS: HIGH (7.2) EPSS Score: 0.11% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
|
CVE-2024-22042 |
Description: A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.
CVSS: HIGH (7.8) EPSS Score: 0.03% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
|
CVE-2024-38040 |
Description: There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files.
CVSS: HIGH (7.5) EPSS Score: 0.1% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
|
CVE-2024-2987 |
Description: A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in Tenda FH1202 1.2.0.14(408) entdeckt. Hiervon betroffen ist die Funktion GetParentControlInfo der Datei /goform/GetParentControlInfo. Durch Manipulieren des Arguments mac mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.44% SSVC Exploitation: poc
April 10th, 2025 (3 months ago)
|
|
CVE-2024-2983 |
Description: A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Tenda FH1202 1.2.0.14(408) gefunden. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion formSetClientState der Datei /goform/SetClientState. Durch Manipulation des Arguments deviceId/limitSpeed/limitSpeedUp mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.7% SSVC Exploitation: poc
April 10th, 2025 (3 months ago)
|
|
CVE-2024-2978 |
Description: A vulnerability classified as critical has been found in Tenda F1203 2.0.1.6. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine Schwachstelle in Tenda F1203 2.0.1.6 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion formSetCfm der Datei /goform/setcfm. Durch Beeinflussen des Arguments funcpara1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.48% SSVC Exploitation: poc
April 10th, 2025 (3 months ago)
|