CVE-2025-0052 |
Description: Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
CVSS: HIGH (8.3) EPSS Score: 0.07%
June 10th, 2025 (11 days ago)
|
CVE-2025-0051 |
Description: Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
CVSS: HIGH (8.7) EPSS Score: 0.07%
June 10th, 2025 (11 days ago)
|
CVE-2025-0036 |
Description: In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
CVSS: LOW (3.2) EPSS Score: 0.01% SSVC Exploitation: none
June 10th, 2025 (11 days ago)
|
CVE-2024-57190 |
Description: Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.
EPSS Score: 0.08% SSVC Exploitation: none
June 10th, 2025 (11 days ago)
|
CVE-2024-57189 |
Description: In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler.
EPSS Score: 0.03%
June 10th, 2025 (11 days ago)
|
CVE-2024-57186 |
Description: In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.
EPSS Score: 0.05%
June 10th, 2025 (11 days ago)
|
CVE-2024-54019 |
Description: An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allows an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection.
CVSS: MEDIUM (4.4) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (11 days ago)
|
CVE-2024-50568 |
Description: A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests.
CVSS: MEDIUM (5.6) EPSS Score: 0.01% SSVC Exploitation: none
June 10th, 2025 (11 days ago)
|
CVE-2024-50562 |
Description: An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in to the SSL-VPN portal to log in again, although the session has expired or was logged out.
CVSS: MEDIUM (4.4) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (11 days ago)
|
CVE-2024-45329 |
Description: An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests.
CVSS: LOW (3.9) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (11 days ago)
|