CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-23928	Pioneer DMH-WT7600NEX Telematics Improper Certificate Validation Description: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. EPSS Score: 0.07% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-23921	ChargePoint Home Flex Command Injection Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanapp module. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. EPSS Score: 0.07% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-23920	ChargePoint Home Flex Improper Access Control Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the onboardee module. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of root. EPSS Score: 0.07% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13226	A5 Custom Login Page <= 2.8.1 - Reflected XSS Description: The A5 Custom Login Page WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13225	ECT Home Page Products <= 1.9 - Reflected XSS Description: The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13224	SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS Description: The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13223	Tabulate <= 2.10.3 - Reflected XSS Description: The Tabulate WordPress plugin through 2.10.3 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13222	User Messages <= 1.2.4 - Reflected XSS Description: The User Messages WordPress plugin through 1.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13221	Fantastic Elasticsearch <= 4.1.0 - Reflected XSS Description: The Fantastic ElasticSearch WordPress plugin through 4.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)
CVE-2024-13220	Google Map Professional <= 1.0 - Reflected XSS Description: The WordPress Google Map Professional (Map In Your Language) WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 1st, 2025 (5 months ago)