CVE-2024-12477 |
Description: The Avada Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.11.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 23rd, 2025 (6 months ago)
|
CVE-2024-12117 |
Description: The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter of the Button block in all versions up to, and including, 3.13.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 23rd, 2025 (6 months ago)
|
CVE-2024-11218 |
Description: A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using `--jobs=2` and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.
EPSS Score: 0.05%
January 23rd, 2025 (6 months ago)
|
CVE-2024-11166 |
Description: For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-10929 |
Description: In certain circumstances, an issue in Arm Cortex-A72 (revisions before r1p0), Cortex-A73 and Cortex-A75 may allow an adversary to gain a weak form of control over the victim's branch history.
EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2024-10761 |
Description: A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component.
CVSS: MEDIUM (6.9) EPSS Score: 0.1%
January 23rd, 2025 (6 months ago)
|
Description: "Challah Horse" was a Polish meme warning about Facebook AI spam 'targeted at susceptible people' that was stolen by a spam page targeted at susceptible people.
January 23rd, 2025 (6 months ago)
|
Description: Orange County USA Man Sentenced to Over Six Years for Drug Trafficking and Unlawful Firearm Sales on the Dark Web
January 22nd, 2025 (6 months ago)
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
January 22nd, 2025 (6 months ago)
|
Description: The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. [...]
January 22nd, 2025 (6 months ago)
|