CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-12296 |
Description: The Apus Framework plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'import_page_options' function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2024-12251 |
Description: In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
CVSS: HIGH (7.8) EPSS Score: 0.04%
February 13th, 2025 (5 months ago)
|
|
CVE-2024-11629 |
Description: In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2024-11343 |
Description: In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-23359 |
Description: Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host.
The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions -
NVIDIA Container Toolkit (All
CVSS: HIGH (8.3) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
|
CVE-2023-36884 |
Description: Executive Summary
Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders' resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this overwhelming volume, cybercrime receives much less attention from national security practitioners than the threat from state-backed groups. While the threat from state-backed hacking is rightly understood to be severe, it should not be evaluated in isolation from financially motivated intrusions.
A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care. Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be. These examples are particularly salient today, as criminals increasingly target and leak data from hospitals. Healthcare's share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks mean that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it.
Cybercrime also facilitates state-backed hacking by allowing states to purchas...
CVSS: HIGH (7.5)
February 12th, 2025 (5 months ago)
|
|
CVE-2025-26492 |
Description: In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources
CVSS: HIGH (7.7) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
|
CVE-2025-26491 |
Description: A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Server-side request forgery (SSRF) vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 001534936.
CVSS: HIGH (7.7) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
|
CVE-2025-25243 |
Description: SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any user interaction. This can reveal highly sensitive information with no impact to integrity or availability.
CVSS: HIGH (8.6) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
|
CVE-2025-25203 |
Description: CtrlPanel is open-source billing software for hosting providers. Prior to version 1.0, a Cross-Site Scripting (XSS) vulnerability exists in the `TicketsController` and `Moderation/TicketsController` due to insufficient input validation on the `priority` field during ticket creation and unsafe rendering of this field in the moderator panel. Version 1.0 contains a patch for the issue.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|