CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-23424	Description: Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution CVSS: MEDIUM (6.5) EPSS Score: 0.25% Source: CVE November 28th, 2024 (8 months ago)
CVE-2023-2232	Description: An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix CVSS: MEDIUM (6.5) EPSS Score: 0.12% Source: CVE November 28th, 2024 (8 months ago)
CVE-2023-1783	OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering Description: OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF. CVSS: MEDIUM (6.5) EPSS Score: 0.11% Source: CVE November 28th, 2024 (8 months ago)
CVE-2023-0003	Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server Description: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. CVSS: MEDIUM (6.5) EPSS Score: 0.12% Source: CVE November 28th, 2024 (8 months ago)
CVE-2024-53426	Description: A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function. CVSS: MEDIUM (6.2) EPSS Score: 0.04% Source: CVE November 27th, 2024 (8 months ago)
CVE-2024-43451	NTLM Hash Disclosure Spoofing Vulnerability Description: NTLM Hash Disclosure Spoofing Vulnerability CVSS: MEDIUM (6.5) EPSS Score: 1.33% Source: CVE November 27th, 2024 (8 months ago)
CVE-2024-43449	Windows USB Video Class System Driver Elevation of Privilege Vulnerability Description: Windows USB Video Class System Driver Elevation of Privilege Vulnerability CVSS: MEDIUM (6.8) EPSS Score: 0.05% Source: CVE November 27th, 2024 (8 months ago)
CVE-2024-42412	Description: Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. CVSS: MEDIUM (6.1) EPSS Score: 0.05% Source: CVE November 27th, 2024 (8 months ago)
CVE-2024-34162	Description: The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. CVSS: MEDIUM (5.3) EPSS Score: 0.04% Source: CVE November 27th, 2024 (8 months ago)
CVE-2024-32151	Description: User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. CVSS: MEDIUM (5.9) EPSS Score: 0.04% Source: CVE November 27th, 2024 (8 months ago)