CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0503 |
Description: Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.
CVSS: LOW (3.1) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2025-0178 |
Description: Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI.
This issue affects Fireware OS: from 12.0 up to and including 12.11.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-9601 |
Description: The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-8893 |
Description: Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi.This issue affects GW1500‑XS: 1.1.2.1.
CVSS: HIGH (7.3) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-7052 |
Description: The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-57969 |
Description: app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-57790 |
Description: IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.
EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-57778 |
Description: An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-57725 |
Description: An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.
CVSS: MEDIUM (5.1) EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|
|
CVE-2024-56973 |
Description: Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.
EPSS Score: 0.04%
February 15th, 2025 (5 months ago)
|