CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54751 |
Description: COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-54133 |
Description: Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.
CVSS: LOW (2.3) EPSS Score: 0.05%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-54051 |
Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
CVSS: LOW (3.1) EPSS Score: 0.07%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-54050 |
Description: Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
CVSS: LOW (3.1) EPSS Score: 0.07%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-53552 |
Description: CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-53481 |
Description: A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-53480 |
Description: Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-53245 |
Description: In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard.
CVSS: LOW (3.1) EPSS Score: 0.04%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-52831 |
Description: Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: LOW (3.5) EPSS Score: 0.05%
December 11th, 2024 (7 months ago)
|
|
CVE-2024-51165 |
Description: SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 11th, 2024 (7 months ago)
|