CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-20817 |
Description: Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
CVSS: MEDIUM (6.6) EPSS Score: 0.06% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
|
|
CVE-2024-1353 |
Description: A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability. Eine kritische Schwachstelle wurde in PHPEMS bis 1.0 entdeckt. Es geht hierbei um die Funktion index der Datei app/weixin/controller/index.api.php. Mittels Manipulieren des Arguments picurl mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.3) EPSS Score: 0.05% SSVC Exploitation: poc
May 8th, 2025 (about 2 months ago)
|
|
CVE-2024-1261 |
Description: A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. In Juanpao JPShop bis 1.5.02 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion actionIndex der Datei /api/controllers/merchant/app/ComboController.php der Komponente API. Dank der Manipulation des Arguments pic_url mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.3) EPSS Score: 0.06% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
|
|
CVE-2024-0771 |
Description: A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In Nsasoft Product Key Explorer 4.0.9 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Komponente Registration Handler. Mit der Manipulation des Arguments Name/Key mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-30102 |
Description: Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.1.0, contains an out-of-bounds write vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to denial of service.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-30101 |
Description: Dell PowerScale OneFS, versions 9.8.0.0 through 9.10.1.0, contain a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of service and information tampering.
CVSS: MEDIUM (4.4) EPSS Score: 0.02%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-45847 |
Description: ALFA AIP-W512 v3.2.2.2.3 was discovered to contain an authenticated stack overflow via the targetAPMac parameter in the formWsc function.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2024-25225 |
Description: A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVSS: MEDIUM (5.4) EPSS Score: 0.12% SSVC Exploitation: poc
May 8th, 2025 (about 2 months ago)
|
|
CVE-2025-3511 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.2
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: CC-Link IE TSN Remote I/O module, CC-Link IE TSN Analog-Digital Converter module, CC-Link IE TSN Digital-Analog Converter module, CC-Link IE TSN FPGA module, CC-Link IE TSN Remote Station Communication LSI CP620 with GbE-PHY
Vulnerability: Improper Validation of Specified Quantity in Input
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the affected products.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Mitsubishi Electric CC-Link IE TSN, a network controller, are affected:
CC-Link IE TSN Remote I/O module NZ2GN2S1-32D/32T/32TE/32DT/32DTE: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GN2B1-32D/32T/32TE/32DT/32DTE: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GNCF1-32D/32T: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GNCE3-32D/32DT: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GN12A4-16D/16DE: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GN12A2-16T/16TE: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GN12A42-16DT/16DTE: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GN2S1-16D/16T/16TE: Versions 09 and prior
CC-Link IE TSN Remote I/O module NZ2GN2B1-16D/16T/16TE: Versions 09 and prior
CC-Link IE TSN Analog-Digital Converter module NZ2GN2S-60AD4: Versions 07 and prior
C...
CVSS: MEDIUM (5.9) EPSS Score: 0.07%
May 8th, 2025 (about 2 months ago)
|
|
CVE-2023-5767 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.2
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Hitachi Energy
Equipment: RTU500 series
Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Validation of Specified Index, Position, or Offset in Input
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute cross-site scripting or trigger a denial-of-service condition on the affected device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports the following products are affected:
RTU500 series: Versions 12.0.1 to 12.0.14
RTU500 series: Versions 12.2.1 to 12.2.11
RTU500 series: Versions 12.4.1 to 12.4.11
RTU500 series: Versions 12.6.1 to 12.6.9
RTU500 series: Versions 12.7.1 to 12.7.6
RTU500 series: Versions 13.2.1 to 13.2.6
RTU500 series: Versions 13.4.1 to 13.4.3
3.2 VULNERABILITY OVERVIEW
3.2.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-79
A vulnerability exists in the webserver that affects the RTU500 series product versions listed above. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized.
CVE-2023-5767 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.0 has been assigned; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L).
A CVSS v4 score has also been calculated for CVE-2023-5767. A b...
CVSS: MEDIUM (6.0)
May 8th, 2025 (about 2 months ago)
|