Threat and Vulnerability Intelligence Database

CVE-2024-13692

Description: The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.4.5 via several functions due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to overwrite linked refund image attachments, overwrite refund request message, overwrite order messages, and read order messages of other users.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-13641

Description: The Return Refund and Exchange For WooCommerce – Return Management System, RMA Exchange, Wallet And Cancel Order Features plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.5 via the 'attachment' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/attachment directory which can contain file attachments for order refunds.

CVSS: MEDIUM (5.9)

EPSS Score: 0.06%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-13493

Description: The Sensly Online Presence WordPress plugin through 0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: MEDIUM (4.8)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-13152

Description: Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection. This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.

CVSS: CRITICAL (10.0)

EPSS Score: 0.09%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-12651

Description: Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0.

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-11078

Description: A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-10405

Description: Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocade Fabric OS switches performance data, port status, zoning information, WWNs, IP Addresses, but no customer data, no personal data and no secrets or passwords, as it travels across the network.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-10404

Description: CalInvocationHandler in Brocade SANnav before 2.3.1b logs sensitive information in clear text. The vulnerability could allow an authenticated, local attacker to view Brocade Fabric OS switch sensitive information in clear text. An attacker with administrative privileges could retrieve sensitive information including passwords; SNMP responses that contain AuthSecret and PrivSecret after collecting a “supportsave” or getting access to an already collected “supportsave”. NOTE: this issue exists because of an incomplete fix for CVE-2024-29952.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)