CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-49666

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49655

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49333

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49303

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49300

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-48392

Description: OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover.

EPSS Score: 0.05%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-45687

Description: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in Payara Platform Payara Server (Grizzly, REST Management Interface modules), Payara Platform Payara Micro (Grizzly modules) allows Manipulating State, Identity Spoofing.This issue affects Payara Server: from 4.1.151 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0; Payara Micro: from 4.1.152 through 4.1.2.191.51, from 5.20.0 through 5.70.0, from 5.2020.2 through 5.2022.5, from 6.2022.1 through 6.2024.12, from 6.0.0 through 6.21.0.

CVSS: LOW (2.4)

EPSS Score: 0.05%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-45478

Description: Stored XSS vulnerability in Edit Service Page of Apache Ranger UI in Apache Ranger Version 2.4.0. Users are recommended to upgrade to version Apache Ranger 2.5.0, which fixes this issue.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-45091

Description: IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.24, 7.1 through 7.1.2.10, and 7.2 through 7.2.3.13 stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs.

CVSS: MEDIUM (6.2)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-43771

Description: In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)