CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-32354 |
Description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32353 |
Description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32352 |
Description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32351 |
Description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32350 |
Description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32349 |
Description: TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32113 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
EPSS Score: 93.84%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32077 |
Description: Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.
Users are recommended to upgrade to version 2.9.1, which fixes this issue.
EPSS Score: 0.14%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-31974 |
Description: The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-31869 |
Description: Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page.
EPSS Score: 0.1%
February 14th, 2025 (5 months ago)
|