CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-2359 |
Description: The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.
CVSS: LOW (0.0) EPSS Score: 0.18%
December 13th, 2024 (6 months ago)
|
|
CVE-2023-2221 |
Description: The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 13th, 2024 (6 months ago)
|
|
CVE-2023-0368 |
Description: The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVSS: LOW (0.0) EPSS Score: 0.06%
December 13th, 2024 (6 months ago)
|
|
CVE-2024-55587 |
Description: python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-55586 |
Description: Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-54745 |
Description: WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-54531 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-54528 |
Description: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-54527 |
Description: This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|
|
CVE-2024-54526 |
Description: The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 12th, 2024 (6 months ago)
|