CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-21966
A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in...
Description: A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-21925
Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.
Description: Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-21924
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially...
Description: SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-13813
Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.
Description: Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-13643
Zox News <= 3.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Modification
Description: The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. This vulnerability can lead to privilege escalation and denial of service conditions due to missing capability checks on the backup_options() and reset_options() functions in all versions up to and including 3.17.0. This vulnerability allows authenticated attackers with Subscriber-level access and above to update and delete arbitrary option values on the WordPress site. Attackers can exploit this issue to update the default user role for registration to Administrator and enable user registration, thereby gaining administrative access to the vulnerable site. Additionally, they could delete critical options, causing errors that may disrupt the site's functionality and deny service to legitimate users.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-12833
Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability
Description: Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the PRTG Network Monitor web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23371.

CVSS: HIGH (8.0)

EPSS Score: 0.05%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-12756
Avaya Spaces HTML injection (HTMLi) Vulnerability
Description: An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-12755
Avaya Spaces XSS Vulnerability
Description: A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.

CVSS: HIGH (7.9)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-12599
HT Mega – Absolute Addons For Elementor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget
Description: The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2024-12551
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Description: Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25567.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
February 12th, 2025 (5 months ago)