CVE-2025-0893
Description: Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability.
CVSS: HIGH (7.8) EPSS Score: 0.02%
February 20th, 2025
CVE-2024-9947
Description: The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token.
CVSS: HIGH (8.1) EPSS Score: 0.24%
February 20th, 2025
CVE-2024-9946
Description: The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68.
CVSS: HIGH (8.1) EPSS Score: 0.34%
February 20th, 2025
CVE-2024-57262
Description: In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 20th, 2025
CVE-2024-57261
Description: In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 20th, 2025
CVE-2024-5706
Description: The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99)
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not restrict JNDI identifiers during the creation of Community Dashboards, allowing control of system-level data sources.
An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users.
CVSS: HIGH (8.8) EPSS Score: 0.21%
February 20th, 2025
CVE-2024-5705
Description: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863)
Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes.
When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service.
CVSS: HIGH (8.8) EPSS Score: 0.06%
February 20th, 2025
CVE-2024-52902
Description: IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard-coded database passwords in source code which could be used for unauthorized access to the system.
CVSS: HIGH (8.8) EPSS Score: 0.05%
February 20th, 2025
CVE-2024-52541
Description: Dell Client Platform BIOS contains a Weak Authentication vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVSS: HIGH (8.2) EPSS Score: 0.02%
February 20th, 2025
CVE-2024-45084
Description: IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. An attacker could execute arbitrary commands on the system, caused by improper validation of file contents.
CVSS: HIGH (8.0) EPSS Score: 0.05%
February 20th, 2025