CVE-2024-9491 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Configuration Wizard 2 installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-9490 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the Silicon Labs (8-bit) IDE installer, can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-8914 |
Description: The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which allows the 'onclick' attribute for certain HTML elements without sufficient restriction or context validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
CVE-2024-6670 |
Description: In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.
CVSS: CRITICAL (9.8) EPSS Score: 90.42%
January 28th, 2025 (5 months ago)
|
CVE-2024-57595 |
Description: DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGI interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-57590 |
Description: TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interface "ntp_sync.cgi", which allows remote attackers to execute arbitrary commands via the parameter "ntp_server" passed to the "ntp_sync.cgi" binary through a POST request.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-57549 |
Description: CMSimple 5.16 allows the user to read CMS source code through manipulation of the file name in the file parameter of a GET request.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-57548 |
Description: CMSimple 5.16 allows the user to edit the log.php file via the print page.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-57547 |
Description: Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the functionality of downloading PHP backup files.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
CVE-2024-57546 |
Description: An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|