CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0466 |
Description: The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0451 |
Description: Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0445 |
Description: Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0444 |
Description: Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0368 |
Description: The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-48445 |
Description: An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-48019 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris.
Application administrators can read arbitrary
files from the server filesystem through path traversal.
Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-33601 |
Description: nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-33411 |
Description: A SQL injection vulnerability in /model/get_admin_profile.php in Campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the my_index parameter.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-27137 |
Description: In Apache Cassandra it is possible for a local attacker without access
to the Apache Cassandra process or configuration files to manipulate
the RMI registry to perform a man-in-the-middle attack and capture user
names and passwords used to access the JMX interface. The attacker can
then use these credentials to access the JMX interface and perform
unauthorized operations.
This is same vulnerability that CVE-2020-13946 was issued for, but the Java option was changed in JDK10.
This issue affects Apache Cassandra from 4.0.2 through 5.0.2 running Java 11.
Operators are recommended to upgrade to a release equal to or later than 4.0.15, 4.1.8, or 5.0.3 which fixes the issue.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|