CVE-2025-4043
Description: An admin user can gain unauthorized write access to the /etc/rc.local file on the device, which is executed on a system boot.
CVSS: MEDIUM (6.8) EPSS Score: 0.03%
May 7th, 2025

CVE-2024-22430
Description: Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
May 7th, 2025

CVE-2024-22388
Description: Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.
CVSS: MEDIUM (5.9) EPSS Score: 0.03% SSVC Exploitation: none
May 7th, 2025

CVE-2024-1260
Description: A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999.
CVSS: MEDIUM (6.3) EPSS Score: 0.06% SSVC Exploitation: none
May 7th, 2025

CVE-2024-1250
Description: An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.
CVSS: MEDIUM (6.5) EPSS Score: 0.01% SSVC Exploitation: none
May 7th, 2025

CVE-2024-1198
Description: A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.
CVSS: MEDIUM (6.3) EPSS Score: 0.05% SSVC Exploitation: none
May 7th, 2025

CVE-2024-0963
Description: The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on the user-supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.12% SSVC Exploitation: none
May 7th, 2025

CVE-2024-0907
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.
CVSS: MEDIUM (5.3) EPSS Score: 0.49% SSVC Exploitation: none
May 7th, 2025

CVE-2024-0285
Description: in OpenHarmony v4.0.0 and prior versions allow a local attacker to cause DoS through improper input.
CVSS: MEDIUM (4.7) EPSS Score: 0.03% SSVC Exploitation: none
May 7th, 2025

CVE-2025-45388
Description: Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) in the document upload functionality. Attackers can inject malicious code inside a PDF file. When a user clicks the document in the CMS interface, the payload executes.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 7th, 2025