CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-56337

Description: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.

The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat:

- running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true)
- running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false)
- running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed)

Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can.

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56265

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56256

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS. This issue affects Embed PDF Viewer: from n/a through 2.3.1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56235

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon Plugin Coupon allows DOM-Based XSS. This issue affects Coupon: from n/a through 1.2.1.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56234

Description: Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects VW Automobile Lite: from n/a through 2.1.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56233

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinhelios Kintpv Wooconnect allows Stored XSS. This issue affects Kintpv Wooconnect: from n/a through 8.129.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56232

Description: Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through 0.1.0.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56231

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS. This issue affects SaasPricing: from n/a through 1.1.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56230

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion. This issue affects Dynamic Product Category Grid, Slider for WooCommerce: from n/a through 1.1.3.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)

CVE-2024-56229

Description: Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ. This issue affects SearchIQ: from n/a through 4.6.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 1st, 2025 (7 months ago)