CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-57098 |
Description: Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57097 |
Description: ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57004 |
Description: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56946 |
Description: Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56921 |
Description: An issue was discovered in Open5gs v2.7.2. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56903 |
Description: A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56902 |
Description: An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56901 |
Description: A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request method.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56898 |
Description: Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts via supplying a crafted HTTP request.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-56161 |
Description: Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.
CVSS: HIGH (7.2) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|