CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13120 |
Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-13119 |
Description: The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-1298 |
Description: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
CVSS: MEDIUM (6.0) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-1284 |
Description: Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.2%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-1283 |
Description: Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.2%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-12586 |
Description: The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-12054 |
Description: ZF Roll Stability Support Plus (RSSPlus)
is vulnerable to an authentication bypass vulnerability targeting
deterministic RSSPlus SecurityAccess service seeds, which may allow an
attacker to remotely (proximal/adjacent with RF equipment or via pivot
from J2497 telematics devices) call diagnostic functions intended for
workshop or repair scenarios. This can impact system availability,
potentially degrading performance or erasing software, however the
vehicle remains in a safe vehicle state.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-12013 |
Description: A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored.
CVSS: HIGH (7.6) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-12012 |
Description: A CWE-598 “Use of GET Request Method with Sensitive Query Strings” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage scenarios. An attacker capable of accessing such values (e.g., victim browser, network traffic inspection) can exploit this vulnerability to leak both the password hash as well as session tokens and bypass the authentication mechanism using a pass-the-hash attack.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-12011 |
Description: A CWE-126 “Buffer Over-read” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism.
CVSS: HIGH (7.6) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|