Threat and Vulnerability Intelligence Database

CVE-2024-9133

Description: A user with administrator privileges is able to retrieve authentication tokens

CVSS: MEDIUM (6.6)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-9132

Description: The administrator is able to configure an insecure captive portal script

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-9131

Description: A user with administrator privileges can perform command injection

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-8929

Description: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possibly other data belonging to different users of the same server.

CVSS: MEDIUM (5.8)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-7886

Description: A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-7594

Description: Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-7142

Description: On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them

CVSS: MEDIUM (4.6)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-7095

Description: On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-6880

Description: During the MegaBIP installation process, a user is encouraged to change the default path to the administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks. This issue affects MegaBIP software versions below 5.15.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
January 11th, 2025 (6 months ago)

CVE-2024-6662

Description: Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send a POST request to this endpoint. If the victim is a logged-in administrator, this could lead to creation of new accounts and granting of administrative permissions.

CVSS: HIGH (8.7)

EPSS Score: 0.05%

Source: CVE
January 11th, 2025 (6 months ago)