CVE-2025-0321 |
Description: The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
CVE-2025-0290 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2025-0065 |
Description: Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior to version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.
CVSS: HIGH (7.8) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2024-9500 |
Description: A maliciously crafted DLL file, when placed in temporary files and folders that are leveraged by the Autodesk Installer, could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.
CVSS: HIGH (7.2) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2024-8401 |
Description: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated attacker modifies folder names within the context of the product.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2024-7995 |
Description: A maliciously crafted binary file, when downloaded, could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution.
CVSS: HIGH (7.8) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2024-7994 |
Description: A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.06%
January 29th, 2025 (5 months ago)
|
CVE-2024-7993 |
Description: A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
CVE-2024-7881 |
Description: An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
CVE-2024-6351 |
Description: A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|