CVE-2024-21687 |
Description: This High severity File Inclusion vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0 and 9.6.0 of Bamboo Data Center and Server.
This File Inclusion vulnerability, with a CVSS score of 8.1, allows an authenticated attacker to make the application display the contents of a local file, or execute different files already stored locally on the server. It has high impact to confidentiality, high impact to integrity, no impact to availability, and requires no user interaction.
Atlassian recommends that Bamboo Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the supported fixed versions listed on this CVE.
See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Server from the download center (https://www.atlassian.com/software/bamboo/download-archives).
This vulnerability was reported via our Bug Bounty program.
CVSS: HIGH (8.1) EPSS Score: 0.17% SSVC Exploitation: none
March 14th, 2025 (4 months ago)
|
CVE-2024-0780 |
Description: The Enjoy Social Feed plugin for WordPress, through version 6.2.2, does not perform an authorisation check when resetting its database, allowing any authenticated user, such as a subscriber, to perform this action.
CVSS: HIGH (8.8) EPSS Score: 0.58% SSVC Exploitation: poc
March 14th, 2025 (4 months ago)
|
CVE-2024-46662 |
Description: An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3 and FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to escalate privileges via specifically crafted packets.
CVSS: HIGH (8.3) EPSS Score: 0.11%
March 14th, 2025 (4 months ago)
|
CVE-2024-37471 |
Description: Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice Core allows Reflected XSS. This issue affects Woffice Core: from n/a through 5.4.8.
CVSS: HIGH (7.1) EPSS Score: 0.13% SSVC Exploitation: none
March 14th, 2025 (4 months ago)
|
CVE-2024-22892 |
Description: OpenSlides 4.0.15 was discovered to be using a weak hashing algorithm to store passwords.
CVSS: HIGH (7.5) EPSS Score: 0.04% SSVC Exploitation: none
March 14th, 2025 (4 months ago)
|
CVE-2025-29776 |
Description: Azle is a WebAssembly runtime for TypeScript and JavaScript on ICP. Calling `setTimer` in Azle versions `0.27.0`, `0.28.0`, and `0.29.0` causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of `setTimer`. The problem has been fixed as of Azle version `0.30.0`. As a workaround, if a canister is caught in this infinite loop after calling `setTimer`, the canister can be upgraded and the timers will all be cleared, thus ending the loop.
CVSS: HIGH (8.7) EPSS Score: 0.05%
March 14th, 2025 (4 months ago)
|
CVE-2024-28077 |
Description: A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.
CVSS: HIGH (7.5) EPSS Score: 0.15% SSVC Exploitation: none
March 14th, 2025 (4 months ago)
|
CVE-2025-27594 |
Description: The device uses an unencrypted, proprietary protocol for communication. Through this protocol, configuration data is transmitted and device authentication is performed. An attacker can thereby intercept the authentication hash and use it to log into the device using a pass-the-hash attack.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 14th, 2025 (4 months ago)
|
CVE-2024-13773 |
Description: The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated attackers to extract sensitive data including LinkedIn client and secret keys.
CVSS: HIGH (7.3) EPSS Score: 0.07%
March 14th, 2025 (4 months ago)
|
CVE-2024-12810 |
Description: The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on multiple functions in all versions up to, and including, 7.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, generate backups, restore backups, update theme options, and reset theme options to default settings.
CVSS: HIGH (8.8) EPSS Score: 0.05%
March 14th, 2025 (4 months ago)
|