CVE-2025-1278 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass IP access restrictions and view sensitive information.
CVSS: MEDIUM (5.3) EPSS Score: 0.02%
May 9th, 2025 (about 2 months ago)
|
CVE-2025-0549 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. A security vulnerability allows attackers to bypass Device OAuth flow protections, enabling authorization form submission through minimal user interaction.
CVSS: MEDIUM (6.8) EPSS Score: 0.01%
May 9th, 2025 (about 2 months ago)
|
CVE-2024-8973 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
May 9th, 2025 (about 2 months ago)
|
CVE-2024-24808 |
Description: pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
CVSS: MEDIUM (4.7) EPSS Score: 1.03% SSVC Exploitation: poc
May 9th, 2025 (about 2 months ago)
|
CVE-2024-23344 |
Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.
CVSS: MEDIUM (5.3) EPSS Score: 0.1% SSVC Exploitation: poc
May 9th, 2025 (about 2 months ago)
|
CVE-2024-20012 |
Description: In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.
CVSS: MEDIUM (6.7) EPSS Score: 0.02% SSVC Exploitation: none
May 9th, 2025 (about 2 months ago)
|
CVE-2024-0732 |
Description: A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555. A problematic vulnerability was found in PCMan FTP Server 2.0.7. Affected is unknown code of the STOR Command Handler component. Manipulation with unknown data can exploit a denial of service vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (5.3) EPSS Score: 0.08% SSVC Exploitation: poc
May 9th, 2025 (about 2 months ago)
|
CVE-2024-0728 |
Description: A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551. A problematic vulnerability was discovered in ForU CMS up to 2020-06-23. This affects an unknown functionality of the file channel.php. Manipulation of the argument c_cmodel with unknown data can exploit a file inclusion vulnerability. The attack can be launched over the network. The exploit is publicly available.
CVSS: MEDIUM (4.7) EPSS Score: 0.07% SSVC Exploitation: poc
May 9th, 2025 (about 2 months ago)
|
CVE-2025-4382 |
Description: A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 9th, 2025 (about 2 months ago)
|
CVE-2025-3897 |
Description: The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.
CVSS: MEDIUM (5.9) EPSS Score: 0.16%
May 9th, 2025 (about 2 months ago)
|