Threat and Vulnerability Intelligence Database

CVE-2024-0824

Description: The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.11%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2024-0727

Description: Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs, then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data, we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

CVSS: MEDIUM (5.5)

EPSS Score: 0.21%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2024-0674

Description: Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.

CVSS: MEDIUM (6.3)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2024-0625

Description: The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS: MEDIUM (4.4)

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2024-0456

Description: An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs (merge requests) that they created within the project.

CVSS: MEDIUM (4.3)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2025-4081

Description: Use of the entitlement "com.apple.security.cs.disable-library-validation" and the lack of launch and library load constraints allow a legitimate dylib to be substituted with a malicious one. A local attacker with unprivileged access can execute the application with the altered dynamic library, successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to permissions previously granted by the user. Access to other resources beyond the granted permissions requires user interaction with a system prompt asking for permission. This issue affects DaVinci Resolve on macOS in all versions. Last tested version: 19.1.3

CVSS: MEDIUM (4.8)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2025-33043

Description: APTIOV contains a vulnerability in BIOS where an attacker may cause Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact integrity.

CVSS: MEDIUM (5.8)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2025-5320

Description: A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. Manipulation of the argument localhost_aliases leads to an origin validation error. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and exploitation is considered difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (6.3)

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2025-46080

Description: HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
May 29th, 2025 (20 days ago)

CVE-2025-46078

Description: HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
May 29th, 2025 (20 days ago)