CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-8550

Description: A Local File Inclusion (LFI) vulnerability exists in the /load-workflow endpoint of modelscope/agentscope version v0.0.4. This vulnerability allows an attacker to read arbitrary files from the server, including sensitive files such as API keys, by manipulating the filename parameter. The issue arises due to improper sanitization of user input passed to the os.path.join function, which can be exploited to access files outside the intended directory.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-13059

Description: A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-11621

Description: Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are: Remote Desktop Manager macOS 2024.3.9.0 and earlier; Remote Desktop Manager Linux 2024.3.2.5 and earlier; Remote Desktop Manager Android 2024.3.3.7 and earlier; Remote Desktop Manager iOS 2024.3.3.0 and earlier; Remote Desktop Manager PowerShell 2024.3.6.0 and earlier.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-10334

Description: A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used. An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed. This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.

CVSS: HIGH (7.0)

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-52875

Description: Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. [...]

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: BleepingComputer
February 11th, 2025 (5 months ago)

CVE-2024-42512

Description: Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Basic128Rsa15 security policy is enabled.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-42512
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42512.pdf
https://github.com/advisories/GHSA-qv5f-57gw-vx3h

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: Github Advisory Database (Nuget)
February 10th, 2025 (5 months ago)

CVE-2024-11187

Description: Nessus Plugin ID 215167 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0359-1 advisory. - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected bind, bind-doc, bind-utils and / or python3-bind packages. Read more at https://www.tenable.com/plugins/nessus/215167

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-39917

Description: Nessus Plugin ID 215171 with Critical Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0350-1 advisory. - CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected libpainter0, librfxencode0, xrdp and / or xrdp-devel packages. Read more at https://www.tenable.com/plugins/nessus/215171

CVSS: HIGH (7.2)

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2022-49043

Description: Nessus Plugin ID 215178 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0348-1 advisory. - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/215178

CVSS: HIGH (8.1)

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-11187

Description: Nessus Plugin ID 215179 with High Severity. Synopsis: The remote SUSE host is missing a security update. Description: The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0384-1 advisory. - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected bind, bind-doc, bind-utils and / or python3-bind packages. Read more at https://www.tenable.com/plugins/nessus/215179

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)