CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-0503

Description: Mattermost versions 9.11.x <= 9.11.6 fail to filter out DMs from the deleted channels endpoint which allows an attacker to infer user IDs and other metadata from deleted DMs if someone had manually marked DMs as deleted in the database.

CVSS: LOW (3.1)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-0178

Description: Improper Input Validation vulnerability in WatchGuard Fireware OS allows an attacker to manipulate the value of the HTTP Host header in requests sent to the Web UI. An attacker could exploit this vulnerability to redirect users to malicious websites, poison the web cache, or inject malicious JavaScript into responses sent by the Web UI. This issue affects Fireware OS: from 12.0 up to and including 12.11.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-9601

Description: The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' and 'UniqueID' parameters in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-8893

Description: Use of Hard-coded Credentials vulnerability in GoodWe Technologies Co., Ltd. GW1500‑XS allows anyone in physical proximity to the device to fully access the web interface of the inverter via Wi‑Fi. This issue affects GW1500‑XS: 1.1.2.1.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-7052

Description: The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVSS: MEDIUM (4.8)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-57969

Description: app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-57790

Description: IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-57778

Description: An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the server's response from status code 500 to status code 200.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-57725

Description: An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the GPON link value without authentication, causing an internet service disruption via the /firstconnection.cgi endpoint.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-56973

Description: Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)