CVE-2024-56902 |
Description: An issue in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to request information about other accounts via a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56901 |
Description: A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request method.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56898 |
Description: Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts by supplying a crafted HTTP request.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-56161 |
Description: Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
CVSS: HIGH (7.2) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-55456 |
Description: lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-54840 |
Description: PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-53943 |
Description: An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload.
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2024-53942 |
Description: An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2024-50656 |
Description: itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2024-50500 |
Description: Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|