CyberAlerts

CVE-2024-6655

Description: A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory.

EPSS Score: 0.05%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-6601

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128,...

Description: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-55268

A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management...

Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54750

Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Description: Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54749

Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Description: Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54747

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

Description: WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54216

WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability

Description: Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1.

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54214

WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54213

WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.12 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

CVE-2024-54212

WordPress Magical Addons For Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

December 7th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-6655	Gtk3: gtk2: library injection from cwd Description: A flaw was found in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory. EPSS Score: 0.05% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-6601	A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128,... Description: A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-55268	A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management... Description: A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54750	Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Description: Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54749	Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Description: Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54747	WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Description: WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54216	WordPress ARForms plugin <= 6.4.1 - Subscriber+ Arbitrary File Read vulnerability Description: Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. CVSS: HIGH (7.7) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54214	WordPress Revy plugin <= 1.18 - Unauthenticated Arbitrary File Upload vulnerability Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18. CVSS: CRITICAL (10.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54213	WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.12 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)
CVE-2024-54212	WordPress Magical Addons For Elementor plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE December 7th, 2024 (5 months ago)