Threat and Vulnerability Intelligence Database

CVE-2024-57099

Description: ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57098

Description: Moss v0.1.3 has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57097

Description: ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57004

Description: A Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment; the XSS is triggered by visiting the SENT session.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56946

Description: Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56921

Description: An issue was discovered in Open5gs v2.7.2. An InitialUEMessage, Registration request sent at a specific time can crash the AMF due to incorrect error handling in the gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56903

Description: A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to execute arbitrary operations by supplying a crafted HTTP request.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56902

Description: An issue in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to request information about other accounts via a crafted HTTP request.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56901

Description: A Cross-Site Request Forgery (CSRF) in the Account Management component of Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to arbitrarily create Admin accounts via a crafted GET request.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56898

Description: Incorrect access control in Geovision GV-ASWeb version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to manage and create new user accounts by supplying a crafted HTTP request.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)