CVE-2024-57177
Description: A host header injection vulnerability exists in the NPM package perfood/couch-auth <= 0.21.2. By sending a specially crafted Host header in the email change confirmation request, it is possible to trigger an SSTI, which can be leveraged to run limited commands or leak server-side information.
EPSS Score: 0.04%
February 11th, 2025

CVE-2024-54954
Description: OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management component.
EPSS Score: 0.04%
February 11th, 2025

CVE-2024-54658
Description: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, and macOS Sonoma 14.4. Processing web content may lead to a denial of service.
EPSS Score: 0.07%
February 11th, 2025

CVE-2024-48170
Description: PHPGurukul Small CRM 3.0 is vulnerable to Cross-Site Scripting (XSS) via a crafted payload injected into the name field in profile.php.
EPSS Score: 0.05%
February 11th, 2025

CVE-2024-47226
Description: A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended.
EPSS Score: 0.04%
February 11th, 2025

CVE-2024-46948
Description: Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.
EPSS Score: 0.05%
February 11th, 2025

CVE-2024-46437
Description: A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an unauthenticated remote attacker to retrieve sensitive configuration information, including the WiFi SSID, WiFi password, and base64-encoded administrator credentials, by sending a specially crafted HTTP POST request to the getQuickCfgWifiAndLogin function, bypassing authentication checks.
EPSS Score: 0.04%
February 11th, 2025

CVE-2024-46436
Description: Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allow unauthenticated remote attackers to gain root access to the device over the telnet service.
EPSS Score: 0.04%
February 11th, 2025

CVE-2024-46435
Description: A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This vulnerability occurs due to improper input validation when handling user-supplied data in the delFacebookPic function.
EPSS Score: 0.04%
February 11th, 2025

CVE-2024-46434
Description: Tenda W18E V16.01.0.8(1625) suffers from an authentication bypass in the web management portal, allowing an unauthorized remote attacker to gain administrative access by sending a specially crafted HTTP request.
EPSS Score: 0.04%
February 11th, 2025