CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-20721 |
Description: Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.5% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
|
CVE-2024-0565 |
Description: An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
CVSS: MEDIUM (6.8) EPSS Score: 0.07% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
|
CVE-2024-0320 |
Description: Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
CVSS: MEDIUM (5.4) EPSS Score: 0.08% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
|
CVE-2024-0317 |
Description: Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
CVSS: MEDIUM (5.4) EPSS Score: 0.11% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
|
CVE-2024-0315 |
Description: Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.
CVSS: MEDIUM (6.6) EPSS Score: 0.38% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
|
CVE-2024-0314 |
Description: XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.
CVSS: MEDIUM (5.4) EPSS Score: 0.08% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
|
CVE-2025-5497 |
Description: A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component. In slackero phpwcms bis 1.9.45/1.10.8 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei include/inc_module/mod_feedimport/inc/processing.inc.php der Komponente Feedimport Module. Durch Manipulieren des Arguments cnt_text mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.9.46 and 1.10.9 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
June 3rd, 2025 (12 days ago)
|
|
CVE-2024-12718 |
Description: Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
June 3rd, 2025 (12 days ago)
|
|
Description: Posted by Housma mardini on Jun 03Hi,
I am submitting an exploit for *CVE-2019-9978*, a remote code execution
vulnerability in the Social Warfare WordPress plugin (version <= 3.5.2).
*Exploit Title*: CVE-2019-9978: Remote Code Execution in Social Warfare
WordPress Plugin (<= 3.5.2)
*Date*: 2025-05-20
*Exploit Author*: Huseyin Mardinli
*Vendor Homepage*: https://warfareplugins.com/
*Software Link*: https://wordpress.org/plugins/social-warfare/
*Version*: <= 3.5.2...
CVSS: MEDIUM (6.1)
June 3rd, 2025 (12 days ago)
|
|
CVE-2025-5340 |
Description: The Music Player for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘album_buy_url’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 3rd, 2025 (12 days ago)
|