CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-4900 |
Description: The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-48783 |
Description: An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
CVSS: LOW (0.0) EPSS Score: 0.09%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-48453 |
Description: An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-48406 |
Description: Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-45495 |
Description: MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-43091 |
Description: In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-4226 |
Description: It was identified that in certain versions of Octopus Server, that a user created with no permissions could view all users, user roles and permissions. This functionality was removed in versions of Octopus Server after the fixed versions listed.
CVSS: LOW (3.5) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-41156 |
Description: Profile files from TRO600 series radios are extracted in plain-text
and encrypted file formats. Profile files provide potential attackers
valuable configuration information about the Tropos network. Profiles
can only be exported by authenticated users with higher privilege of write access.
CVSS: LOW (2.7) EPSS Score: 0.05%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-39219 |
Description: An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
|
CVE-2024-39163 |
Description: binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|