CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-36359 |
Description: TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 11th, 2024 (6 months ago)
|
|
CVE-2023-36358 |
Description: TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 11th, 2024 (6 months ago)
|
|
CVE-2024-49138 |
Description: Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-9651 |
Description: The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55638 |
Description: Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55637 |
Description: Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55636 |
Description: Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55635 |
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55634 |
Description: A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|
|
CVE-2024-55578 |
Description: Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 10th, 2024 (6 months ago)
|