CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-23327 |
Description: Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (7.5) EPSS Score: 0.14% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
|
CVE-2024-22876 |
Description: StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.
EPSS Score: 0.18% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
|
CVE-2024-22860 |
Description: Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
EPSS Score: 1.86% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
|
CVE-2024-22402 |
Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
Description: Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (5.4) EPSS Score: 0.24% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
|
CVE-2024-0589 |
Description: Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.
EPSS Score: 0.37% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
|
CVE-2024-0425 |
Description: A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444. In ForU CMS bis 2020-06-23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/index.php?act=reset_admin_psw. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.13% SSVC Exploitation: poc
June 9th, 2025 (8 days ago)
|
|
CVE-2024-0265 |
Description: A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. Eine Schwachstelle wurde in SourceCodester Clinic Queuing System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /index.php der Komponente GET Parameter Handler. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.3) EPSS Score: 0.48% SSVC Exploitation: poc
June 9th, 2025 (8 days ago)
|
|
Description: Alleged database sale of Podoservice
June 9th, 2025 (8 days ago)
|
|
Description: Michael Pratt led Girls Do Porn, a sex trafficking operation that targeted hundreds of young women with force, fraud and coercion.
June 9th, 2025 (8 days ago)
|
|
CVE-2025-5888 |
Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In jsnjfz WebStack-Guns 1.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.02%
June 9th, 2025 (8 days ago)
|