CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-45731 |
Description: In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could write a file to the Windows system root directory, which has a default location in the Windows System32 folder, when Splunk Enterprise for Windows is installed on a separate drive.
CVSS: HIGH (8.0) EPSS Score: 0.05%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-45617 |
Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-45616 |
Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs.
The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-45615 |
Description: A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-43927 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-39623 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-38790 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp – live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp – live chat, chatbots, AI and lead generation: from n/a through 3.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-38789 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-38778 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search.This issue affects WP Fast Total Search: from n/a through 1.69.234.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|
|
CVE-2024-38766 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 3rd, 2025 (7 months ago)
|