CVE-2024-54761 |
Description: BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-54724 |
Description: PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-5469 |
Description: DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests.
CVSS: LOW (3.1) EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-53706 |
Description: A vulnerability in the Gen7 SonicOS Cloud platform NSv allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-53705 |
Description: A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-53704 |
🚨 Marked as known exploited on February 18th, 2025 (5 months ago).
Description: An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-53564 |
Description: A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what high-privilege administrators are intentionally allowed to do.
CVSS: LOW (2.2) EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-5249 |
Description: In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
CVE-2024-52286 |
Description: Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages, allowing any unauthenticated user to execute JavaScript code in the context of the user. The issue stems from the code starting at `Line 24` in `src/main/resources/static/js/merge.js`. The file name is inserted directly into `innerHTML` with no sanitization, allowing a malicious user to upload files with names containing HTML tags. As HTML tags can include JavaScript code, this can be used to execute JavaScript code in the context of the user. This is a self-injection style attack: it relies on a user uploading the malicious file themselves, and it impacts only them, not other users. A user might be social engineered into running this to launch a phishing attack. Nevertheless, this breaks the expected security restrictions in place by the application. This issue has been addressed in version 0.32.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (2.0) EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-51229 |
Description: Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|