CVE-2024-54125 |
Description: Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.
CVSS: LOW (3.3) EPSS Score: 0.04%
December 18th, 2024 (6 months ago)
|
CVE-2024-49820 |
Description: IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS: LOW (3.7) EPSS Score: 0.05%
December 18th, 2024 (6 months ago)
|
CVE-2024-42194 |
Description: An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 18th, 2024 (6 months ago)
|
CVE-2024-12300 |
Description: The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging a double extension attack. It's important to note the file is deleted immediately and double extension attacks only work on select servers making this unlikely to be successfully exploited.
CVSS: LOW (3.7) EPSS Score: 0.05%
December 14th, 2024 (6 months ago)
|
CVE-2023-41695 |
Description: Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.1.0.
CVSS: LOW (3.5) EPSS Score: 0.04%
December 14th, 2024 (6 months ago)
|
CVE-2024-9881 |
Description: The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
CVE-2024-9641 |
Description: The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
CVE-2024-9428 |
Description: The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|
CVE-2024-8587 |
Description: A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: LOW (0.0) EPSS Score: 0.07%
December 13th, 2024 (6 months ago)
|
CVE-2024-55099 |
Description: A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 13th, 2024 (6 months ago)
|