CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-12297 |
Description: Moxa’s Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device.
CVSS: CRITICAL (9.2) EPSS Score: 0.04%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-12084 |
Description: A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
EPSS Score: 0.06%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-11870 |
Description: The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.07%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-11851 |
Description: The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-11848 |
Description: The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition.
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-11322 |
Description: A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0.
An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-11029 |
Description: A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials.
EPSS Score: 0.05%
January 16th, 2025 (6 months ago)
|
|
CVE-2024-10775 |
Description: The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 16th, 2025 (6 months ago)
|
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
January 16th, 2025 (6 months ago)
|
|
|
January 16th, 2025 (6 months ago)
|