CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-34832 |
Description: Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters.
EPSS Score: 0.13%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34582 |
Description: Sunhillo SureLine through 8.10.0 on RICI 5000 devices allows cgi/usrPasswd.cgi userid_change XSS within the Forgot Password feature.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34477 |
Description: configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34454 |
Description: Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34448 |
Description: Ghost before 5.82.0 allows CSV Injection during a member CSV export.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34365 |
Description: ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Karaf Cave.This issue affects all versions of Apache Karaf Cave.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34338 |
Description: Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34310 |
Description: Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34308 |
Description: TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the function urldecode.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-34274 |
Description: OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|