CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13059 |
Description: A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.
CVSS: HIGH (7.2) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-13011 |
Description: The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-13010 |
Description: The WP Foodbakery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 4.7 due to insufficient input sanitization and output escaping on the 'search_type' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-12243 |
Description: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-12133 |
Description: A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-11831 |
Description: A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-11621 |
Description: Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack.
Versions affected are :
Remote Desktop Manager macOS 2024.3.9.0 and earlier
Remote Desktop Manager Linux 2024.3.2.5 and earlier
Remote Desktop Manager Android 2024.3.3.7 and earlier
Remote Desktop Manager iOS 2024.3.3.0 and earlier
Remote Desktop Manager Powershell 2024.3.6.0 and earlier
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-10941 |
Description: A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. This vulnerability affects Firefox < 126.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-10649 |
Description: wandb/openui latest commit c945bb859979659add5f490a874140ad17c56a5d contains a vulnerability where unauthenticated endpoints allow file uploads and downloads from an AWS S3 bucket. This can lead to multiple security issues including denial of service, stored XSS, and information disclosure. The affected endpoints are '/v1/share/{id:str}' for uploading and '/v1/share/{id:str}' for downloading JSON files. The lack of authentication allows any user to upload and overwrite files, potentially causing the S3 bucket to run out of space, injecting malicious scripts, and accessing sensitive information.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-10334 |
Description: A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.
An attacker who successfully exploited the vulnerability could, in the worst case scenario, stop or manipulate the video feed.
This issue affects System 800xA: 5.1.X; System 800xA: 6.0.3.X; System 800xA: 6.1.1.X; System 800xA: 6.2.X.
CVSS: HIGH (7.0) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|