CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-37392 |
Description: A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.
EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-37372 |
Description: The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
CVSS: LOW (3.6) EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-3653 |
Description: A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-36148 |
Description: Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-35314 |
Description: A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-3150 |
Description: In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma relation query operation that manipulates the `users` model to change a user's role to admin. Successful exploitation grants attackers the highest level of user privileges, enabling them to see and perform all actions within the system.
CVSS: HIGH (8.1) EPSS Score: 0.06%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-27980 |
Description: Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.
CVSS: HIGH (8.1) EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-27185 |
Description: The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-27114 |
Description: A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, a attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
CVSS: HIGH (8.9) EPSS Score: 0.09%
January 10th, 2025 (6 months ago)
|
|
CVE-2024-21875 |
Description: Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|