CVE-2024-25120
Description: TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
CVSS: MEDIUM (4.3) EPSS Score: 0.14% SSVC Exploitation: none
April 24th, 2025

CVE-2024-24884
Description: Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.08% SSVC Exploitation: none
April 24th, 2025

CVE-2024-24855
Description: A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVSS: MEDIUM (5.0) EPSS Score: 0.01% SSVC Exploitation: none
April 24th, 2025

CVE-2024-23447
Description: An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
CVSS: MEDIUM (5.3) EPSS Score: 0.07% SSVC Exploitation: none
April 24th, 2025

CVE-2024-22464
Description: Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
CVSS: MEDIUM (6.2) EPSS Score: 0.09% SSVC Exploitation: none
April 24th, 2025

CVE-2024-21984
Description: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.
CVSS: MEDIUM (5.9) EPSS Score: 0.16% SSVC Exploitation: none
April 24th, 2025

CVE-2024-21494
Description: All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.
CVSS: MEDIUM (5.4) EPSS Score: 0.02% SSVC Exploitation: poc
April 24th, 2025

CVE-2024-20822
Description: Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
April 24th, 2025

CVE-2024-20733
Description: Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.34% SSVC Exploitation: none
April 24th, 2025

CVE-2024-1559
Description: The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.5) EPSS Score: 0.25% SSVC Exploitation: none
April 24th, 2025