Threat and Vulnerability Intelligence Database

CVE-2025-1527

Description: The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the plugin's Flash Sale Countdown module in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
March 12th, 2025 (4 months ago)

CVE-2024-13872

Description: Bitdefender Box, versions 1.3.11.490 through 1.3.11.505, uses the insecure HTTP protocol to download assets over the Internet to update and restart daemons and detection rules on the devices. Updates can be remotely triggered through the /set_temp_token API method. Then, an unauthenticated and network-adjacent attacker can use man-in-the-middle (MITM) techniques to return malicious responses. Restarted daemons that use malicious assets can then be exploited for remote code execution on the device.

CVSS: CRITICAL (9.4)

EPSS Score: 0.02%

Source: CVE
March 12th, 2025 (4 months ago)

CVE-2024-13871

Description: A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). This flaw allows an unauthenticated, network-adjacent attacker to execute arbitrary commands on the device, potentially leading to full remote code execution (RCE).

CVSS: CRITICAL (9.4)

EPSS Score: 0.26%

Source: CVE
March 12th, 2025 (4 months ago)

CVE-2024-13870

Description: An improper access control vulnerability exists in Bitdefender Box 1 (firmware version 1.3.52.928 and below) that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signed firmware. The attack requires Bitdefender BOX to be booted in Recovery Mode and that the attacker be present within the WiFi range of the BOX unit.

CVSS: LOW (1.8)

EPSS Score: 0.02%

Source: CVE
March 12th, 2025 (4 months ago)

Description: We are encouraging large organisations to help us develop an alternative route to certification.

Source: NCSC Alerts and Advisories
March 12th, 2025 (4 months ago)

Description: Can an equivalent cyber security standard deliver the same outcomes as the NCSC’s Cyber Essentials scheme?

Source: NCSC Alerts and Advisories
March 12th, 2025 (4 months ago)

Description: NCSC-assured CRA service now offering Cyber Assessment Framework based audits and more applications invited from potential service providers.

Source: NCSC Alerts and Advisories
March 12th, 2025 (4 months ago)

Description: A new NCSC scheme assuring providers of CAF-based audits is now open for potential members.

Source: NCSC Alerts and Advisories
March 12th, 2025 (4 months ago)

Description: New NCSC training package to help schools improve their cyber security.

Source: NCSC Alerts and Advisories
March 12th, 2025 (4 months ago)

Description: How 'small but actionable' insights can improve behaviours and decision making.

Source: NCSC Alerts and Advisories
March 12th, 2025 (4 months ago)