CVE-2024-11077
Description: A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A vulnerability was found in code-projects Job Recruitment 1.0. It was classified as critical. It concerns a not clearly defined function of the file /index.php. By manipulating the argument email with unknown data, an SQL injection vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (6.9) EPSS Score: 0.17%
January 10th, 2025

CVE-2024-11076
Description: A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. A vulnerability was discovered in code-projects Job Recruitment 1.0. It was classified as critical. It concerns an unspecified function of the file /activation.php. By manipulating the argument e_hash with unknown data, an SQL injection vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (5.3) EPSS Score: 0.17%
January 10th, 2025

CVE-2024-10815
Description: The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
January 10th, 2025

CVE-2024-10525
Description: In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make an out-of-bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients.
CVSS: HIGH (7.2) EPSS Score: 0.07%
January 10th, 2025

CVE-2024-10466
Description: By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
EPSS Score: 0.06%
January 10th, 2025

CVE-2024-10215
Description: The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 10th, 2025

CVE-2024-10106
Description: A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer.
CVSS: LOW (3.7) EPSS Score: 0.04%
January 10th, 2025

CVE-2024-55224
Description: An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-55224
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5
https://github.com/advisories/GHSA-g5x8-v2ch-gj2g
EPSS Score: 0.05%
January 10th, 2025

CVE-2024-55225
Description: An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-55225
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5
https://github.com/dani-garcia/vaultwarden/commit/20d9e885bfcd7df7828d92c6e59ed5fe7b40a879
https://github.com/dani-garcia/vaultwarden/commit/37c14c3c69b244ec50f5c62b4c9260171607c1d8
https://github.com/advisories/GHSA-x7m9-mv49-fv73
EPSS Score: 0.05%
January 10th, 2025

CVE-2024-55226
Description: Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-55226
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.4
https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.5
https://insinuator.net/2024/11/vulnerability-disclosure-authentication-bypass-in-vaultwarden-versions-1-32-5
https://github.com/advisories/GHSA-vprm-27pv-jp3w
EPSS Score: 0.05%
January 10th, 2025