CVE-2024-47935 |
Description: Improper Validation of Integrity Check Value vulnerability in TXOne Networks StellarProtect (Legacy Mode), StellarEnforce, and Safe Lock allows an attacker to escalate their privileges in the victim’s device. The attacker needs to hijack the DLL file in advance.
This issue affects StellarProtect (Legacy Mode): before 3.2; StellarEnforce: before 3.2; Safe Lock: from 3.0.0 before 3.1.1076.
*Note: StellarProtect (Legacy Mode) is the new name for StellarEnforce; they are the same product.
CVSS: MEDIUM (6.7) EPSS Score: 0.01%
February 18th, 2025 (5 months ago)
|
CVE-2024-25066 |
Description: RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur.
CVSS: MEDIUM (4.3) EPSS Score: 0.07%
February 18th, 2025 (5 months ago)
|
CVE-2024-22372 |
Description: OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product.
CVSS: MEDIUM (6.8) EPSS Score: 1.07%
February 18th, 2025 (5 months ago)
|
CVE-2024-13879 |
Description: The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
February 18th, 2025 (5 months ago)
|
CVE-2024-13726 |
Description: The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
CVSS: HIGH (8.6) EPSS Score: 18.98%
February 18th, 2025 (5 months ago)
|
CVE-2024-13627 |
Description: The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: MEDIUM (4.7) EPSS Score: 0.05%
February 18th, 2025 (5 months ago)
|
CVE-2024-13626 |
Description: The VR-Frases (collect & share quotes) WordPress plugin through 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
February 18th, 2025 (5 months ago)
|
CVE-2024-13625 |
Description: The Tube Video Ads Lite WordPress plugin through 1.5.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 18th, 2025 (5 months ago)
|
CVE-2024-13608 |
Description: The Track Logins WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks.
CVSS: MEDIUM (4.7) EPSS Score: 0.03%
February 18th, 2025 (5 months ago)
|
CVE-2024-13603 |
Description: The Wise Forms WordPress plugin through 1.2.0 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks via malicious form submissions.
EPSS Score: 0.03%
February 18th, 2025 (5 months ago)
|