CVE-2024-35211 |
Description: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
CVE-2024-35210 |
Description: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
CVE-2024-35209 |
Description: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and DELETE. This could allow an attacker to modify unauthorized files.
CVSS: MEDIUM (6.2) EPSS Score: 0.05%
February 12th, 2025 (5 months ago)
|
CVE-2024-35206 |
Description: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access.
CVSS: HIGH (7.7) EPSS Score: 0.05%
February 12th, 2025 (5 months ago)
|
CVE-2024-33659 |
Description: AMI APTIOV contains a vulnerability in BIOS where a local attacker may cause improper input validation. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and executing arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
CVE-2024-33504 |
Description: A use of hard-coded cryptographic key to encrypt sensitive data vulnerability [CWE-321] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9, 7.0 all versions, 6.4 all versions may allow an attacker with JSON API access permissions to decrypt some secrets even if the 'private-data-encryption' setting is enabled.
CVSS: LOW (3.9) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
CVE-2024-33469 |
Description: An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java.
EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
CVE-2024-32085 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing. This issue affects Citadela Listing: from n/a before 5.20.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|
CVE-2024-32037 |
Description: GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch software in use. This information is valuable from a security point of view because it allows software used by the server to be easily identified. GeoNetwork 4.4.5 and 4.2.10 fix this issue. No known workarounds are available.
CVSS: NONE (0.0) EPSS Score: 0.05%
February 12th, 2025 (5 months ago)
|
CVE-2024-28989 |
Description: SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
February 12th, 2025 (5 months ago)
|