CVE-2024-28736
Description: An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-2859
Description: By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-2848
Description: The Responsive theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_footer_text_callback function in all versions up to, and including, 5.0.2. This makes it possible for unauthenticated attackers to inject arbitrary HTML content into the site's footer.
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-28285
Description: A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9 allows an attacker co-residing on the same system as a victim process to disclose information and escalate privileges.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-28279
Description: Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-28277
Description: In Sourcecodester School Task Manager v1.0, a vulnerability was identified within the subject_name= parameter, enabling Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows attackers to manipulate the subject's name, potentially leading to the execution of malicious JavaScript payloads.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-28276
Description: Sourcecodester School Task Manager 1.0 is vulnerable to Cross Site Scripting (XSS) via add-task.php?task_name=.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-28184
Description: WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.
CVSS: HIGH (7.4) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)

CVE-2024-28182
Description: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading an unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset, in order to keep the HPACK context in sync. This causes excessive CPU usage to decode the HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)

CVE-2024-28180
Description: Package jose aims to provide an implementation of the JavaScript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)