CVE-2024-57969 |
Description: app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
CVE-2024-57790 |
Description: IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.
EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
CVE-2024-57778 |
Description: An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges by changing the server's response from status code 500 to status code 200.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
CVE-2024-57725 |
Description: An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
CVE-2024-56973 |
Description: Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.
EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
CVE-2024-56477 |
Description: IBM Power Hardware Management Console V10.3.1050.0 could allow an authenticated user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 15th, 2025 (5 months ago)
|
CVE-2024-56463 |
Description: IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
February 15th, 2025 (5 months ago)
|
CVE-2024-56180 |
Description: CWE-502 Deserialization of Untrusted Data in the eventmesh-meta-raft plugin module of the Apache EventMesh master branch (no release version), on platforms such as Windows, Linux and macOS, allows attackers to send controlled messages and achieve remote code execution via the Hessian deserialization RPC protocol. Users can use the code under the master branch in the project repo or version 1.11.0 to fix this issue.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
CVE-2024-55904 |
Description: IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CVSS: HIGH (7.2) EPSS Score: 0.05%
February 15th, 2025 (5 months ago)
|
CVE-2024-5462 |
Description: If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords is not enabled. An attacker can use these passwords to fetch values of the supported OIDs via SNMPv3 queries. There are also a limited number of MIB objects that can be modified.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|