Threat and Vulnerability Intelligence Database

CVE-2024-25571

Description: Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a privileged user to potentially enable denial of service via local access.

CVSS: MEDIUM (4.6)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-24852

Description: Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before version 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-24772

Description: A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.

CVSS: MEDIUM (4.3)

EPSS Score: 0.1%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-24582

Description: Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-23563

Description: HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

CVSS: LOW (3.9)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-21971

Description: Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-21859

Description: Improper buffer restrictions in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-21830

Description: Uncontrolled search path in some Intel(R) VPL software before version 2023.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-13821

Description: The WP Booking Calendar plugin for WordPress is vulnerable to Unauthenticated Post-Confirmation Booking Manipulation in all versions up to, and including, 10.10. This is due to the plugin not properly requiring re-verification after a booking has been made and a change is being attempted. This makes it possible for unauthenticated attackers to manipulate their confirmed bookings, even after they have been approved.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2024-13814

Description: The The Global Gallery - WordPress Responsive Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 9.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
February 13th, 2025 (5 months ago)