CVE-2025-0994 |
🚨 Marked as known exploited on February 6th, 2025 (5 months ago).
Description: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
CVSS: HIGH (8.6) EPSS Score: 1.32%
February 7th, 2025 (5 months ago)
|
CVE-2025-0675 |
Description: Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57960 |
Description: Input verification vulnerability in the ExternalStorageProvider module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS: HIGH (7.7) EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-54171 |
Description: IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 7th, 2025 (5 months ago)
|
CVE-2024-49814 |
Description: IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges.
CVSS: HIGH (7.8) EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-47258 |
Description: 2N Access Commander version 2.1 and prior is vulnerable in default settings to a man-in-the-middle attack because it does not verify the certificates of 2N edge devices.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-43779 |
Description: An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVSS: HIGH (7.7) EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-37358 |
Description: Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations.
Versions 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals.
CVSS: HIGH (8.6) EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-13487 |
Description: The CURCY – Multi Currency for WooCommerce – The best free currency exchange plugin – Run smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution via the get_products_price() function in all versions up to, and including, 2.2.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.05%
February 7th, 2025 (5 months ago)
|
CVE-2025-0411 |
Description: 7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.
CVSS: HIGH (7.0) EPSS Score: 0.4%
February 6th, 2025 (5 months ago)
|