CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-51417 |
Description: An issue in System.Linq.Dynamic.Core before 1.6.0 allows remote access to properties on reflection types and static properties/fields.
EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-50697 |
Description: In SunGrow WiNet-SV200.001.00.P027 and earlier versions, when decrypting MQTT messages, the code that parses specific TLV fields does not have sufficient bounds checks. This may result in a stack-based buffer overflow.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-50603 |
🚨 Marked as known exploited on January 13th, 2025 (6 months ago).
Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-50313 |
Description: A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-48841 |
Description: Network access can be used to execute arbitrary code with elevated privileges.
This
issue affects FLXEON 9.3.4 and older.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-48662 |
Description: Cross Site Scripting vulnerability in AdGuard Application v.7.18.1 (4778) and before allows an attacker to execute arbitrary code via a crafted payload to the fontMatrix component.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-48420 |
Description: Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Buffer Overflow via /goform/getWifiBasic.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-48419 |
Description: Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Specifically, these issues can be triggered through /goform/tracerouteDiagnosis, /goform/pingDiagnosis, and /goform/fromSysToolPingCmd Each of these issues allows an attacker with access to the web interface to inject and execute arbitrary shell commands, with "root" privileges.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-48418 |
Description: In Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06, the request /goform/fromSetDDNS does not properly handle special characters in any of user provided parameters, allowing an attacker with access to the web interface to inject and execute arbitrary shell commands.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2024-48417 |
Description: Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 is vulnerable to Cross Site Scripting (XSS) in : /bin/goahead via /goform/setStaticRoute, /goform/fromSetFilterUrlFilter, and /goform/fromSetFilterClientFilter.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|