CVE-2024-53473 |
Description: WeGIA 3.2.0 before 3998672 does not verify permission to change a password.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 8th, 2024 (6 months ago)
|
CVE-2024-53143 |
Description: In the Linux kernel, the following vulnerability has been resolved:
fsnotify: Fix ordering of iput() and watched_objects decrement
Ensure the superblock is kept alive until we're done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement.
This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super().
Also, ensure that fsnotify_put_sb_watched_objects() doesn't call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 8th, 2024 (6 months ago)
|
CVE-2024-40744 |
Description: Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 8th, 2024 (6 months ago)
|
CVE-2024-35286 |
Description: A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 8th, 2024 (6 months ago)
|
CVE-2024-11183 |
Description: The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (0.0) EPSS Score: 0.04%
December 8th, 2024 (6 months ago)
|
CVE-2024-9633 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.
CVSS: LOW (3.1) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2024-6601 |
Description: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2024-55268 |
Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 7th, 2024 (6 months ago)
|
CVE-2024-54750 |
Description: Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|
CVE-2024-54749 |
Description: Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 7th, 2024 (6 months ago)
|