CVE-2024-55517
Description: An issue was discovered in the Intellect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-55459
Description: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
CVE-2024-55412
Description: A vulnerability exists in the driver snxpsamd.sys in SUNIX Serial Driver x64 10.1.0.0, which allows low-privileged users to read and write arbitrary I/O ports via specially crafted IOCTL requests. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-55411
Description: An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests.
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-55218
Description: IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
CVE-2024-55008
Description: JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges.
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-54819
Description: I, Librarian up to and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php.
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-54818
Description: SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control via /php-lms/admin/?page=user/list.
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-54731
Description: cpdf through 2.8 allows stack consumption via a crafted PDF document.
CVSS: MEDIUM (4.0)
EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
CVE-2024-54676
Description: Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html do not specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
EPSS Score: 0.18%
January 9th, 2025 (6 months ago)