CVE-2025-3885 |
Description: Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942.
CVSS: MEDIUM (5.3) EPSS Score: 0.06% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-7103 |
Description: A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.
While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.
CVSS: MEDIUM (4.6) EPSS Score: 0.03% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-51553 |
Description: Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-51552 |
Description: Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (6.0) EPSS Score: 0.05% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-48848 |
Description: Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (6.5) EPSS Score: 0.04% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-13958 |
Description: Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (4.6) EPSS Score: 0.03% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-13956 |
Description: SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (6.7) EPSS Score: 0.05% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-13954 |
Description: Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-13953 |
Description: Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (4.9) EPSS Score: 0.04% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|
CVE-2024-13950 |
Description: Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: MEDIUM (6.8) EPSS Score: 0.04% SSVC Exploitation: none
May 22nd, 2025 (29 days ago)
|