CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-53266 |
Description: Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-48445 |
Description: An issue in compop.ca ONLINE MALL v.3.5.3 allows a remote attacker to execute arbitrary code via the rid, tid, et, and ts parameters.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-48019 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Files or Directories Accessible to External Parties vulnerability in Apache Doris.
Application administrators can read arbitrary
files from the server filesystem through path traversal.
Users are recommended to upgrade to version 2.1.8, 3.0.3 or later, which fixes the issue.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-45659 |
Description: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-45658 |
Description: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVSS: LOW (2.7) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-45657 |
Description: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-45195 |
🚨 Marked as known exploited on February 4th, 2025 (5 months ago).
Description: Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS: HIGH (7.5) EPSS Score: 75.58%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-43187 |
Description: IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVSS: MEDIUM (5.9) EPSS Score: 0.09%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-40891 |
🚨 Marked as known exploited on January 29th, 2025 (5 months ago).
Description: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-40890 |
🚨 Marked as known exploited on February 11th, 2025 (5 months ago).
Description: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (5 months ago)
|