CVE-2025-0161 |
Description: IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.
CVSS: HIGH (7.8) EPSS Score: 0.02%
February 21st, 2025 (5 months ago)
|
CVE-2024-7316 |
Description: Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause a Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.
CVSS: MEDIUM (5.9) EPSS Score: 0.11%
February 21st, 2025 (5 months ago)
|
CVE-2024-7141 |
Description: Versions of Gliffy Online prior to version 4.14.0-7 contain a Cross Site Request Forgery (CSRF) flaw.
CVSS: MEDIUM (5.9) EPSS Score: 0.02%
February 21st, 2025 (5 months ago)
|
CVE-2024-6432 |
Description: The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter within the plugin's shortcode Content Block in all versions up to, and including, 3.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
February 21st, 2025 (5 months ago)
|
CVE-2024-57716 |
Description: An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function.
EPSS Score: 0.05%
February 21st, 2025 (5 months ago)
|
CVE-2024-57401 |
Description: SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function.
EPSS Score: 0.18%
February 21st, 2025 (5 months ago)
|
CVE-2024-5739 |
Description: The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in any website can be controlled by an attacker, this vulnerability could be exploited to capture or alter content displayed in the top frame, as well as user session information. This vulnerability affects LINE client for iOS versions below 14.9.0 and does not affect other LINE clients such as LINE client for Android. Please update LINE client for iOS to version 14.9.0 or higher.
CVSS: MEDIUM (6.1) EPSS Score: 0.14%
February 21st, 2025 (5 months ago)
|
CVE-2024-55457 |
Description: MasterSAM Star Gate 11 is vulnerable to directory traversal via /adama/adama/downloadService. An attacker can exploit this vulnerability by manipulating the file parameter to access arbitrary files on the server, potentially exposing sensitive information.
EPSS Score: 55.61%
February 21st, 2025 (5 months ago)
|
CVE-2024-54961 |
Description: Nagios XI 2024R1.2.2 has an Information Disclosure vulnerability, which allows unauthenticated users to access multiple pages displaying the usernames and email addresses of all current users.
EPSS Score: 0.04%
February 21st, 2025 (5 months ago)
|
CVE-2024-54960 |
Description: A SQL Injection vulnerability in Nagios XI 2024R1.2.2 allows a remote attacker to execute SQL injection via a crafted payload in the History Tab component.
EPSS Score: 0.05%
February 21st, 2025 (5 months ago)
|