CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-21485 |
Description: Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server.
**Note:**
This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.
CVSS: MEDIUM (6.5) EPSS Score: 0.44% SSVC Exploitation: poc
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-20904 |
Description: Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).
CVSS: MEDIUM (5.0) EPSS Score: 0.22% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-20825 |
Description: Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-20001 |
Description: In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.
CVSS: MEDIUM (6.7) EPSS Score: 0.03% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-1405 |
Description: A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine Schwachstelle in Linksys WRT54GL 4.30.18 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /wlaninfo.htm der Komponente Web Management Interface. Durch Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.3) EPSS Score: 0.03% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-1404 |
Description: A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Linksys WRT54GL 4.30.18 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /SysInfo.htm der Komponente Web Management Interface. Durch das Beeinflussen mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.3) EPSS Score: 0.08% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-1167 |
Description:
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
CVSS: MEDIUM (5.5) EPSS Score: 0.09% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-1110 |
Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
CVSS: MEDIUM (5.3) EPSS Score: 0.15% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-0849 |
Description: Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
CVSS: MEDIUM (5.5) EPSS Score: 0.03% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|
|
CVE-2024-0797 |
Description: The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.
CVSS: MEDIUM (4.3) EPSS Score: 0.13% SSVC Exploitation: none
May 15th, 2025 (about 1 month ago)
|