Threat and Vulnerability Intelligence Database

CVE-2024-45617

Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-45616

Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-45615

Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-12595

Description: The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-11357

Description: The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-11217

Description: A vulnerability was found in the OAuth-server. OAuth-server logs the OAuth2 client secret when the logLevel is Debug or higher for OIDC/GitHub/GitLab/Google IDPs login options.

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-11184

Description: The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing authors and above to upload SVGs containing malicious scripts.

EPSS Score: 0.04%

Source: CVE
January 3rd, 2025 (6 months ago)

CVE-2024-10234

Description: A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

EPSS Score: 0.05%

Source: CVE
January 3rd, 2025 (6 months ago)

Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Source: DarkWebInformer
January 3rd, 2025 (6 months ago)

Description: The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. [...]

Source: BleepingComputer
January 2nd, 2025 (6 months ago)