Threat and Vulnerability Intelligence Database

CVE-2024-2318

Description: A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.3 Build 2025-05-26-1605 is able to address this issue. It is recommended to upgrade the affected component.

CVSS: MEDIUM (5.3)

EPSS Score: 0.24%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-22312

Description: IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.

CVSS: MEDIUM (4.4)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-21643

Description: IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest` protocol or the `SignedHttpRequestValidator` is vulnerable. Microsoft.IdentityModel trusts the `jku` claim by default for the `SignedHttpRequest` protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.

CVSS: HIGH (7.1)

EPSS Score: 0.63%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-13090

Description: A privilege escalation vulnerability may enable a service account to elevate its privileges. The sudo rules configured for a local service account were excessively permissive, potentially allowing administrative access if a malicious actor could execute arbitrary commands as that account. It is important to note that no such vector has been identified in this instance.

CVSS: HIGH (7.0)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-13089

Description: An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.

CVSS: HIGH (7.5)

EPSS Score: 0.19%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-1269

Description: A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012.

CVSS: LOW (2.4)

EPSS Score: 0.17%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-1253

Description: A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (4.7)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-1186

Description: A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: LOW (3.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-0497

Description: A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (11 days ago)
Description: The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database. [...]
Source: BleepingComputer
June 10th, 2025 (11 days ago)