CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56923 |
Description: Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-56914 |
Description: D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-55957 |
Description: In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-55488 |
Description: A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-42013 |
Description: In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-42012 |
Description: GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-3623 |
Description: A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-34235 |
Description: Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-24432 |
Description: A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|
|
CVE-2024-24430 |
Description: A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
EPSS Score: 0.04%
January 23rd, 2025 (5 months ago)
|