CVE-2024-49644 |
Description: Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation. This issue affects Accessibility by AllAccessible: from n/a through 1.3.4.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-49633 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS. This issue affects DirectoryPress: from n/a through 3.6.19.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-49294 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-49249 |
Description: Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal. This issue affects SMSA Shipping: from n/a through 2.3.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-49222 |
Description: Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection. This issue affects WPGuppy: from n/a through 1.1.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-48987 |
Description: Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-48245 |
Description: Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-47398 |
Description: OpenHarmony v4.1.2 and prior versions allow a local attacker to cause the device to be unable to boot up through an out-of-bounds write.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-46622 |
Description: An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion.
EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2024-46603 |
Description: An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload.
EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|