CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-53552

Description: CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-53481

Description: A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-53480

Description: Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-53245

Description: In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin” or “power” Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-52831

Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: LOW (3.5)

EPSS Score: 0.05%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-51165

Description: SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-50929

Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-50924

Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-50920

Description: Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)

CVE-2024-50699

Description: TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE
December 11th, 2024 (6 months ago)