CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0444 |
Description: Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0413 |
Description: Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.
CVSS: HIGH (7.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0368 |
Description: The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0364 |
Description: BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-9644 |
Description: The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an
authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-9643 |
Description: The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-8125 |
Description: Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.
A bad actor with the required OpenText Content Management privileges (not root) could expose
the vulnerability to carry out a remote code execution attack on the target system.
This issue affects Content Management (Extended ECM): from 10.0 through 24.4
with WebReports module
installed and enabled.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-56328 |
Description: Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-56197 |
Description: Discourse is an open source platform for community discussion. PM titles and metadata can be read by other users when the "PM tags allowed for groups" option is enabled, the other user is a member of a group added to this option, and the PM has been tagged. This issue has been patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. Users are advised to upgrade. Users unable to upgrade should remove all groups from the the "PM tags allowed for groups" option.
CVSS: LOW (2.2) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-55948 |
Description: Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
CVSS: HIGH (8.2) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|