CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-23121 |
Description: A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-23120 |
Description: A maliciously crafted STP and STEP file when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-22315 |
Description: IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection.
CVSS: MEDIUM (4.0) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-13527 |
Description: The Philantro – Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-13521 |
Description: The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the mas_options function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-13509 |
Description: The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: This vulnerability is partially fixed in 1.10.13 and completely fixed in 1.10.14.
CVSS: HIGH (7.2) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-13484 |
Description: A flaw was found in ArgoCD. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-13448 |
Description: The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-12807 |
Description: The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2024-12723 |
Description: The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|