CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-27980	Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject... Description: Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. CVSS: HIGH (8.1) EPSS Score: 0.05% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-27185	[20240802] - Core - Cache Poisoning in Pagination Description: The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-27114	Remote Code Execution through File Upload in SOPlanning before 1.52.02 Description: A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02. CVSS: HIGH (8.9) EPSS Score: 0.09% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-21875	DoS attack when broadcasting billboard messages Description: Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-21538	Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization.... Description: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVSS: HIGH (7.5) EPSS Score: 0.05% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13312	Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076 Description: Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13311	Allow All File Extensions for file fields - Critical - Unsupported - SA-CONTRIB-2024-075 Description: Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: .. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13310	Git Utilities for Drupal - Critical - Unsupported - SA-CONTRIB-2024-074 Description: Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: .. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13309	Login Disable - Critical - Access bypass - SA-CONTRIB-2024-073 Description: Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)
CVE-2024-13308	Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2. EPSS Score: 0.04% Source: CVE January 10th, 2025 (6 months ago)