CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-53556	Description: An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-53438	Description: EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands. EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-52951	Description: Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History EPSS Score: 0.05% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-52787	Description: An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. EPSS Score: 0.05% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-52771	Description: DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-52726	Description: CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-51367	Description: An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-51364	Description: An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-51330	Description: An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing settings and G-code processing and transmission components, Ultimaker 3D Printers. EPSS Score: 0.04% Source: CVE November 28th, 2024 (7 months ago)
CVE-2024-51228	Description: An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component. EPSS Score: 0.05% Source: CVE November 28th, 2024 (7 months ago)