CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-36428 |
Description: OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36387 |
Description: Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36384 |
Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages.
Description: Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36383 |
Description: An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36361 |
Description: Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36265 |
Description: ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: from 0.8.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 4.23%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36263 |
Description: ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core.
This issue affects Apache Submarine Server Core: all versions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36104 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.
Users are recommended to upgrade to version 18.12.14, which fixes the issue.
EPSS Score: 1.06%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36079 |
Description: An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside the specified directory when the file is downloaded. To exploit this, an authenticated user would upload a file with an incorrect file name, and then download it.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36078 |
Description: In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|