CVE-2024-53995
Description: SickChill is an automatic video library manager for TV shows. A user-controlled login endpoint's next_ parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to settings.DEFAULT_PAGE instead of to the next parameter.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-53995
https://github.com/SickChill/sickchill/pull/8811
https://github.com/SickChill/sickchill/commit/c7128a8946c3701df95c285810eb75b2de18bf82
https://github.com/SickChill/sickchill/blob/846adafdfab579281353ea08a27bbb813f9a9872/sickchill/views/authentication.py#L33
https://securitylab.github.com/advisories/GHSL-2024-283_GHSL-2024-291_sickchill_sickchill
https://github.com/advisories/GHSA-6gf2-ffq8-gcww
CVSS: LOW (1.9) EPSS Score: 0.05%
January 8th, 2025

CVE-2024-5445
Description: Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position.
CVSS: LOW (3.8) EPSS Score: 0.05%
January 8th, 2025

CVE-2024-12425
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files.
This issue affects LibreOffice: from 24.8 before 24.8.4.
CVSS: LOW (2.4) EPSS Score: 0.04%
January 8th, 2025

CVE-2024-10527
Description: The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information.
CVSS: LOW (3.1) EPSS Score: 0.05%
January 8th, 2025

CVE-2024-55626
Description: Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8.
CVSS: LOW (3.3) EPSS Score: 0.05%
January 7th, 2025

CVE-2024-51472
Description: IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVSS: LOW (3.1) EPSS Score: 0.05%
January 7th, 2025

CVE-2024-12970
Description: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2.
CVSS: LOW (3.9) EPSS Score: 0.04%
January 7th, 2025

CVE-2024-11319
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS). This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3.
CVSS: LOW (3.8) EPSS Score: 0.06%
January 7th, 2025

CVE-2025-0214
Description: A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to SQL injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS: LOW (2.1) EPSS Score: 0.05%
January 5th, 2025

CVE-2024-56324
Description: GoCD is a continuous delivery server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse their ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in additional attacks such as SSRF, information disclosure from the GoCD server, and directory traversal, although these additional attacks have not been explicitly demonstrated as exploitable. This issue is fixed in GoCD 24.5.0. Some workarounds are available. One may temporarily block access to `/go/*/pipelines/snippet` routes from an external reverse proxy or WAF if one's "group admin" users do not need the functionality to edit the XML of pipelines directly (rather than using the UI, or using a configuration repository). One may also prevent external access from one's GoCD server to arbitrary locations using some kind of environment egress control.
CVSS: LOW (2.1) EPSS Score: 0.05%
January 4th, 2025