CyberAlerts

CVE-2024-1610

OPPO Store app include remote account token hijacking and sensitive information leakage

Description: In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12741

Deserialization Of Untrusted Data Vulnerability In NI DAAQAExpress Project File

Description: A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions.  Please note that DAQExpress is an EOL product and will not receive any updates.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12698

Ose-olm-catalogd-container: incomplete fix for rapid reset (cve-2023-39325/cve-2023-44487)

Description: An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources.

EPSS Score: 0.04%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12694

Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a...

Description: Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.04%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12693

Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via...

Description: Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.04%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12692

Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...

Description: Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

EPSS Score: 0.04%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12686

Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)

🚨 Marked as known exploited on January 13th, 2025 (5 months ago).

Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

CVSS: MEDIUM (6.6)

EPSS Score: 6.18%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12596

LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes <= 7.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

Description: The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-1259

Juanpao JPShop API AppController.php unrestricted upload

Description: A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability. Eine kritische Schwachstelle wurde in Juanpao JPShop bis 1.5.02 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /api/controllers/admin/app/AppController.php der Komponente API. Durch das Beeinflussen des Arguments app_pic_url mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.07%

Source: CVE

December 19th, 2024 (5 months ago)

CVE-2024-12554

Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function

Description: The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE

December 19th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: