CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13189 |
Description: A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in ZeroWdd myblog 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. Durch das Manipulieren mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-13188 |
Description: A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine kritische Schwachstelle wurde in MicroWorld eScan Antivirus 7.0.32 für Linux ausgemacht. Davon betroffen ist unbekannter Code der Datei /opt/MicroWorld/var/ der Komponente Installation Handler. Mittels Manipulieren mit unbekannten Daten kann eine incorrect default permissions-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-13187 |
Description: A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Kingsoft WPS Office 6.14.0 für macOS wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Komponente TCC Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-13186 |
Description: The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-13185 |
Description: The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-13173 |
Description: The health module has insufficient restrictions on loading URLs, which may lead to some information leakage.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-12855 |
Description: The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-12854 |
Description: The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-12853 |
Description: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-12852 |
Description: The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 9th, 2025 (6 months ago)
|