CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-36328

Description: Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2025-29981

Description: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2024-45064

Description: A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVSS: HIGH (8.5)

EPSS Score: 0.08%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2025-30090

Description: mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2025-3063

Description: The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_callback_update_sa_option() function in versions 2.0 to 2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2024-39780

Description: A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. This issue has now been fixed for ROS Noetic via commit 3d93ac13603438323d7e9fa74e879e45c5fe2e8e.

CVSS: HIGH (8.4)

EPSS Score: 0.07%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2025-0676

Description: This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute system commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

CVSS: HIGH (8.6)

EPSS Score: 0.48%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2024-45699

Description: The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

CVSS: HIGH (7.5)

EPSS Score: 0.09%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2024-36465

Description: A low-privilege (regular) Zabbix user with API access can use a SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
April 2nd, 2025 (3 months ago)

CVE-2025-25060

Description: A missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.

CVSS: HIGH (8.2)

EPSS Score: 0.13%

Source: CVE
April 2nd, 2025 (3 months ago)