Threat and Vulnerability Intelligence Database

CVE-2024-33297

Description: Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-33297
https://github.com/MathSabo/CVE-2024-33297
https://github.com/advisories/GHSA-j4v9-cm37-h7c2

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
January 13th, 2025 (6 months ago)

CVE-2024-33298

Description: Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-33298
https://github.com/MathSabo/CVE-2024-33298
https://github.com/advisories/GHSA-w5g5-4jj3-8f6v

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
January 13th, 2025 (6 months ago)

CVE-2024-33299

Description: Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-33299
https://github.com/MathSabo/CVE-2024-33299
https://github.com/advisories/GHSA-97h9-p9f8-4p3r

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
January 13th, 2025 (6 months ago)

Description: RipperSec Targeted the Website of Unique Cars And Parts
Source: DarkWebInformer
January 13th, 2025 (6 months ago)

Description: Amazon drivers have continued delivering packages in some areas of Los Angeles affected by ongoing wildfires in a constantly changing situation.
Source: 404 Media
January 13th, 2025 (6 months ago)

Description: A Threat Actor Claims to have Leaked the Data of Instituto Nacional de Bellas Artes y Literatura
Source: DarkWebInformer
January 13th, 2025 (6 months ago)

Description: The forums for Path of Exile 2 have been awash with people claiming they’ve been hacked and their inventories emptied of valuable items. Now there’s an explanation for at least dozens of the account compromises.
Source: 404 Media
January 13th, 2025 (6 months ago)

Description: Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process. Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance. For more information on questions to consider during procurement discussions, see CISA’s Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To learn more about secure by design principles and practices, visit Secure by Design.
Source: All CISA Advisories
January 13th, 2025 (6 months ago)

Description: A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. [...]
Source: BleepingComputer
January 13th, 2025 (6 months ago)

Description: By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.
Source: Dark Reading
January 13th, 2025 (6 months ago)