CVE-2024-13113 |
Description: The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
EPSS Score: 0.03%
February 26th, 2025 (4 months ago)
|
CVE-2024-12878 |
Description: The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 26th, 2025 (4 months ago)
|
CVE-2024-12737 |
Description: The WP BASE Booking of Appointments, Services and Events WordPress plugin before 5.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.03%
February 26th, 2025 (4 months ago)
|
CVE-2024-10563 |
Description: The WooCommerce Cart Count Shortcode WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
EPSS Score: 0.03%
February 26th, 2025 (4 months ago)
|
CVE-2024-10483 |
Description: The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
EPSS Score: 0.04%
February 26th, 2025 (4 months ago)
|
CVE-2024-10152 |
Description: The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 26th, 2025 (4 months ago)
|
Description: Microsoft has introduced a new Windows 11 24H2 upgrade block for systems with AutoCAD 2022, addressing compatibility issues that prevent the program from launching. [...]
February 26th, 2025 (4 months ago)
|
CVE-2024-9622 |
Description: A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BAD_MESSAGE state. As a result, any subsequent legitimate requests on the same connection are ignored, leading to client timeouts, which may impact systems using load balancers and expose them to risk.
CVSS: MEDIUM (5.3) EPSS Score: 0.19% SSVC Exploitation: none
February 26th, 2025 (4 months ago)
|
CVE-2024-49035 |
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows -
CVE-2024-49035 (CVSS score: 8.7) - An improper access control
CVSS: HIGH (8.7)
February 26th, 2025 (4 months ago)
|
CVE-2025-22869 |
Description: SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
EPSS Score: 0.06%
February 26th, 2025 (4 months ago)
|