CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-52961

Description: An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0, 4.4.0 through 4.4.7, 4.2.0 through 4.2.7 and before 4.0.5 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-45328

Description: An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low privileged administrator to execute elevated CLI commands via the GUI console menu.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-45324

Description: A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7.2.12 and before 7.0.19, FortiPAM version 1.4.0 through 1.4.2 and before 1.3.1, FortiSRA version 1.4.0 through 1.4.2 and before 1.3.1 and FortiWeb version 7.4.0 through 7.4.5, version 7.2.0 through 7.2.10 and before 7.0.10 allows a privileged attacker to execute unauthorized code or commands via specially crafted HTTP or HTTPS commands.

CVSS: HIGH (7.0)

EPSS Score: 0.15%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-27363

🚨 Marked as known exploited on April 17th, 2025 (3 months ago).
Description: An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

CVSS: HIGH (8.1)

EPSS Score: 5.37%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)
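The sizing arithmetic described in the CVE-2025-27363 entry above, as an added example in C that is not FreeType's code: a font-controlled signed 16-bit field is widened straight into an unsigned long, a fixed overhead is added, the sum wraps to a tiny allocation, and the writer then stores six longs into it. HEADER_BYTES, the field name and read_int16_be are assumptions chosen to make the arithmetic visible; the hardened variant rejects negative input before widening, checks the addition for wrap, and refuses any allocation smaller than what will be written.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of the integer-widening bug class in
 * CVE-2025-27363. Not FreeType's code: HEADER_BYTES, the field name and
 * read_int16_be are assumptions. */

#define HEADER_BYTES  8UL                  /* assumed fixed overhead added to the field */
#define RECORD_BYTES  (6 * sizeof(long))   /* up to six signed longs get written */

/* Fonts store the field big-endian as a signed 16-bit integer. */
short read_int16_be(const unsigned char *p)
{
    return (short)(uint16_t)((p[0] << 8) | p[1]);
}

/* Vulnerable pattern: the signed 16-bit field is widened into an unsigned
 * long (-2 becomes ULONG_MAX - 1), the fixed overhead is added, and the
 * sum wraps around to a tiny allocation size. */
unsigned long vuln_alloc_size(short field)
{
    unsigned long n = (unsigned long)field;
    return n + HEADER_BYTES;               /* field = -2 -> 6 */
}

/* Hardened pattern: reject negative input before widening, do the sum in
 * size_t with an explicit wrap check, and make sure the buffer can hold
 * everything the writer will put in it. Returns 0 when the input is
 * rejected (a real size is never 0 because HEADER_BYTES > 0). */
size_t safe_alloc_size(short field)
{
    if (field < 0)
        return 0;                          /* never widen a negative value */
    size_t n = (size_t)field;
    if (n > SIZE_MAX - HEADER_BYTES)
        return 0;                          /* addition would wrap */
    size_t size = n + HEADER_BYTES;
    if (size < RECORD_BYTES)
        return 0;                          /* writer would run off the end */
    return size;
}

/* True when writing RECORD_BYTES into a buffer of alloc_size bytes overflows. */
bool write_overflows(size_t alloc_size)
{
    return alloc_size < RECORD_BYTES;
}

int main(void)
{
    /* Constructed font bytes: the field reads as -2 (0xFFFE). */
    const unsigned char evil[2] = { 0xFF, 0xFE };
    short field = read_int16_be(evil);
    unsigned long bad = vuln_alloc_size(field);
    size_t good = safe_alloc_size(field);

    printf("field=%d vulnerable size=%lu overflow=%d hardened size=%zu\n",
           field, bad, (int)write_overflows(bad), good);
    return 0;
}
```

The check that matters is the last one in safe_alloc_size: even with a non-negative field, an allocation that cannot hold the fixed number of longs the parser writes is still an out-of-bounds write waiting to happen, so the size is validated against what the writer needs, not only against the wrap.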

CVE-2025-22369

Description: The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-22368

Description: The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-22367

Description: The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-22366

Description: The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (4 months ago)
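The CWE-78 pattern behind the FortiSandbox CVE-2024-52961 entry and the three Mennekes entries above (SCU command, time setting, firmware update), as an added example in C that is constructed and is not vendor code: an authenticated request field is pasted into a shell command line, and the hardened version validates the field against the exact shape the feature needs and then executes the binary with an argv instead of a shell. The `date -s` template, the timestamp format and the function names are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed illustration of CWE-78 in a firmware "set time" handler.
 * Not vendor code: the command template and field format are assumptions. */

/* Vulnerable pattern: the request field goes into a shell command line.
 * Shell metacharacters ( ; | ` $( ) survive into the string and are
 * interpreted when it is run with system() or popen(). Returns the built
 * line in a static buffer so it can be inspected without executing it. */
const char *build_set_time_cmd(const char *field)
{
    static char cmd[256];
    snprintf(cmd, sizeof cmd, "date -s '%s'", field);
    return cmd;
}

/* Hardened pattern, step 1: accept only the exact shape the feature needs.
 * Here: YYYY-MM-DD HH:MM:SS, digits and fixed separators, fixed length. */
bool valid_timestamp(const char *s)
{
    static const char shape[] = "DDDD-DD-DD DD:DD:DD";
    size_t n = strlen(shape);
    if (strlen(s) != n)
        return false;
    for (size_t i = 0; i < n; i++) {
        if (shape[i] == 'D') {
            if (!isdigit((unsigned char)s[i]))
                return false;
        } else if (s[i] != shape[i]) {
            return false;
        }
    }
    return true;
}

/* Hardened pattern, step 2: never go through a shell. exec the binary with
 * an argv so the field is one argument whatever it contains. Returns the
 * child's exit status, or -1 if the input was rejected or exec failed. */
int set_time_safe(const char *field)
{
    if (!valid_timestamp(field))
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/date", "date", "-s", field, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    if (pid < 0)
        return -1;
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed request field: a valid-looking time followed by an
     * injected command. */
    const char *evil = "2025-03-11 12:00:00'; id; echo '";
    printf("vulnerable command line: %s\n", build_set_time_cmd(evil));
    printf("validator accepts injected field: %s\n",
           valid_timestamp(evil) ? "yes" : "no");
    printf("validator accepts clean field: %s\n",
           valid_timestamp("2025-03-11 12:00:00") ? "yes" : "no");
    return 0;
}
```

The allow-list check is deliberately strict about length and position rather than searching for a blocklist of bad characters; the exec-with-argv step is what removes the shell from the path entirely, so the validation is defence in depth rather than the only barrier. set_time_safe is not invoked from main because setting the clock needs root.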

CVE-2024-27120

Description: A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.

CVSS: HIGH (7.7)

EPSS Score: 0.29%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-21881

Description: An Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS commands via encrypted package upload. This issue affects Envoy 4.x and 5.x.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)