CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-56131

Description: Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects the following products and versions. LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12 (inclusive); 7.2.48.12 and all prior versions. Multi-Tenant Hypervisor: 7.1.35.12 and all prior versions. ECS: all prior versions to 7.2.60.1 (inclusive).

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE
February 6th, 2025 (5 months ago)

CVE-2024-49352

Description: IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
February 6th, 2025 (5 months ago)

CVE-2024-4349

Description: A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
February 6th, 2025 (5 months ago)

CVE-2024-39564

Description: This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects Junos OS from 22.4 before 22.4R3-S4, and Junos OS Evolved from 22.4 before 22.4R3-S4-EVO.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
February 6th, 2025 (5 months ago)

CVE-2024-3052

Description: Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 6th, 2025 (5 months ago)

CVE-2024-2878

Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 6th, 2025 (5 months ago)

CVE-2024-21549

Description: Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. Note: This is a bypass of the fix for CVE-2024-21549.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1026
https://github.com/spatie/browsershot/pull/908
https://github.com/spatie/browsershot/commit/e3273974506865a24fbb5b65b534d8d4b8dfbf72
https://gist.github.com/chuajianshen/6291920112fcf1543fa7b43862112be6
https://gist.github.com/mrdgef/54a8783408220c67c1b859df38a52d65
https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533024
https://github.com/advisories/GHSA-f2q5-6mx7-q9qq

CVSS: HIGH (8.7)

Source: GitHub Advisory Database (Composer)
February 5th, 2025 (5 months ago)

CVE-2025-24968

Description: reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as `penetration_tester` or `auditor` to delete all projects in the system. This can lead to a complete system takeover by redirecting the attacker to the onboarding page, where they can add or modify users, including Sys Admins, and configure critical settings like API keys and user preferences. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-24967

Description: reNgine is an automated reconnaissance framework for web applications. A stored cross-site scripting (XSS) vulnerability exists in the admin panel's user management functionality. An attacker can exploit this issue by injecting malicious payloads into the username field during user creation. This vulnerability allows unauthorized script execution whenever the admin views or interacts with the affected user entry, posing a significant risk to sensitive admin functionalities. This issue affects all versions up to and including 2.20. Users are advised to monitor the project for future releases which address this issue. There are no known workarounds.

CVSS: HIGH (7.4)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-24648

Description: Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)