CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-12142

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: Modicon M340 and BMXNOE0100/0110, BMXNOR0200H Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could cause information disclosure of a restricted web page, modification of a web page, and a denial of service when specific web pages are modified and restricted functions invoked. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Schneider Electric products, Modicon M340 and BMXNOE0100/0110, BMXNOR0200H, are affected: Modicon M340 processors (part numbers BMXP34*): All versions BMXNOE0100: All versions BMXNOE0110: All versions BMXNOR0200H: Versions prior to SV1.70IR26 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200 The affected products are vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which could cause information disclosure of restricted web page, modification of web page, and denial of service when specific web pages are modified and restricted functions invoked. CVE-2024-12142 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critical Manufacturing, Energy COUNTRIES/ARE...

EPSS Score: 0.04%

Source: All CISA Advisories
February 4th, 2025 (5 months ago)
Source: TheRegister
February 4th, 2025 (5 months ago)

CVE-2024-45195

Description: Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access.

EPSS Score: 75.58%

Source: CISA KEV
February 4th, 2025 (5 months ago)

CVE-2024-29059

Description: Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
Source: CISA KEV
February 4th, 2025 (5 months ago)

CVE-2018-9276

Description: Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.
Source: CISA KEV
February 4th, 2025 (5 months ago)

CVE-2018-19410

Description: Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).
Source: CISA KEV
February 4th, 2025 (5 months ago)
Description: As the gateways to corporate networks, VPNs are an attractive target for attackers. Learn from Specops Software about how hackers use compromised VPN passwords and how you can protect your organization. [...]
Source: BleepingComputer
February 4th, 2025 (5 months ago)
Description: A 59-year-old man from Irvine, California, was sentenced to 87 months in prison for his involvement in an investor fraud ring that stole $50 million between 2012 and October 2020. [...]
Source: BleepingComputer
February 4th, 2025 (5 months ago)
Description: Organizations and development teams need to evolve from "being prepared" to "managing the risk" of security breaches.
Source: Dark Reading
February 4th, 2025 (5 months ago)
Description: A 404 Media reader made a PDF version of the World War II-era manual that's going viral right now.
Source: 404 Media
February 4th, 2025 (5 months ago)