CVE-2024-51734 |
Description: Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to upgrade. Users unable to upgrade may address the issue by adding `data__roles__ = ()` to `AccessControl.userfolder.UserFolder`.
CVSS: HIGH (8.7) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-51457 |
Description: IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (4.4) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-42471 |
Description: actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.
CVSS: HIGH (7.3) EPSS Score: 0.05%
January 23rd, 2025 (6 months ago)
|
CVE-2024-42013 |
Description: In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vulnerability. An attacker with Windows administrative or debugging privileges can patch a binary in memory or on disk to bypass the password login requirement and gain full access to all functions of the program.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-42012 |
Description: GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the user's password is compared to the user's decrypted cleartext password. An attacker with Windows admin or debugging rights can therefore steal the user's Blocky password and from there impersonate that local user.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-3623 |
Description: A flaw was found when using mirror-registry to install Quay. It uses a default database secret key, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry having the same database secret key. This flaw allows a malicious actor to access sensitive information from Quay's database.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-34235 |
Description: Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the S1AP interface. An attacker may send an `Initial UE Message` missing a required `NAS_PDU` field to repeatedly crash the MME, resulting in denial of service.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-31903 |
Description: IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allows an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 23rd, 2025 (6 months ago)
|
CVE-2024-24432 |
Description: A reachable assertion in the ogs_kdf_hash_mme function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-24430 |
Description: A reachable assertion in the mme_ue_find_by_imsi function of Open5GS <= 2.6.4 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|