CVE-2024-12127 |
Description: The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
December 18th, 2024 (6 months ago)
|
CVE-2024-12024 |
Description: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page.
Note: this vulnerability requires the "Guest Submissions" setting to be enabled. It is disabled by default.
CVSS: HIGH (7.2) EPSS Score: 0.06%
December 18th, 2024 (6 months ago)
|
CVE-2024-11999 |
Description: CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product.
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 18th, 2024 (6 months ago)
|
CVE-2024-11993 |
Description: Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.
CVSS: MEDIUM (4.6) EPSS Score: 0.05%
December 18th, 2024 (6 months ago)
|
CVE-2024-11422 |
Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 18th, 2024 (6 months ago)
|
CVE-2024-11294 |
Description: The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 18th, 2024 (6 months ago)
|
CVE-2024-11280 |
Description: The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 18th, 2024 (6 months ago)
|
CVE-2024-10973 |
Description: A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information.
EPSS Score: 0.04%
December 18th, 2024 (6 months ago)
|
CVE-2024-10476 |
Description: Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsys™ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsys™ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestra™ SCU hardware is not in scope.
CVSS: HIGH (8.0) EPSS Score: 0.04%
December 18th, 2024 (6 months ago)
|
CVE-2024-10356 |
Description: The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
December 18th, 2024 (6 months ago)
|