CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0696 |
Description: A NULL Pointer Dereference vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2025-0695 |
Description: An Allocation of Resources Without Limits or Throttling vulnerability in Cesanta Frozen versions less than 1.7 allows an attacker to induce a crash of the component embedding the library by supplying a maliciously crafted JSON as input.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2025-0357 |
Description: The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 28th, 2025 (6 months ago)
|
|
CVE-2025-0350 |
Description: The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 28th, 2025 (6 months ago)
|
|
CVE-2024-9675 |
Description: A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2024-9499 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2024-9498 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2024-9497 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2024-9496 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|
|
CVE-2024-9495 |
Description: DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows
installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 28th, 2025 (6 months ago)
|