
Threat and Vulnerability Intelligence Database


CVE-2024-57437

Description: RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.

EPSS Score: 0.05%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57436

Description: RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users using a crafted cookie.

EPSS Score: 0.05%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-57395

Description: Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-54852

Description: When LDAP connection is activated in Teedy versions between 1.9 and 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-54851

Description: Teedy <= 1.12 is vulnerable to Cross-Site Request Forgery (CSRF), due to the lack of CSRF protection.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-51182

Description: HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-48761

Description: The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the "erro" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-40422

Description: The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system.

EPSS Score: 1.5%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-39894

Description: OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)

CVE-2024-23733

Description: The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI.

EPSS Score: 0.04%

Source: CVE
January 30th, 2025 (5 months ago)