CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-56923

Description: Stored Cross-Site Scripting (XSS) in the Categorization Option of My Subscriptions Functionality in Silverpeas Core 6.4.1 allows a remote attacker to execute arbitrary JavaScript code. This is achieved by injecting a malicious payload into the Name field of a subscription. The attack can lead to session hijacking, data theft, or unauthorized actions when an admin user views the affected subscription.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-56914

Description: D-Link DSL-3782 v1.01 is vulnerable to Buffer Overflow in /New_GUI/ParentalControl.asp.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-55957

Description: In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due to improper access control permissions on Windows systems.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-55488

Description: A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-42013

Description: In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-42012

Description: GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-3623

Description: A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry having the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-34235

Description: Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-24432

Description: A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)

CVE-2024-24430

Description: A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (5 months ago)