Threat and Vulnerability Intelligence Database

CVE-2024-42185

Description: BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks. This allows an attacker to exploit this vulnerability by injecting malicious XML content, which can lead to various issues including denial of service and unauthorized access.

CVSS: LOW (2.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-42184

Description: BigFix Patch Download Plug-ins are affected by insecure support for the file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.

CVSS: LOW (2.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-42183

Description: BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability. It could allow a malicious operator to download files from arbitrary URLs without any proper validation or allowlist controls.

CVSS: LOW (2.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-42182

Description: BigFix Patch Download Plug-ins are affected by a Server-Side Request Forgery (SSRF) vulnerability. It may allow the application to download files from an internally hosted server on localhost.

CVSS: LOW (2.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-26257

Description: Microsoft Excel Remote Code Execution Vulnerability

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-26193

Description: Azure Migrate Remote Code Execution Vulnerability

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-13593

Description: The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-13511

Description: The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action based on specific query parameters in the URL. The related delete_settings() function performs a faulty nonce validation check, making the reset operation insecure and susceptible to unauthorized access.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-13422

Description: The SEO Blogger to WordPress Migration using 301 Redirection plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 0.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-13389

Description: The Cliptakes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cliptakes_input_email' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (6 months ago)