Threat and Vulnerability Intelligence Database


CVE-2025-48493

Description: The Yii 2 Redis extension provides Redis key-value store support for the Yii framework 2.0. When a connection fails, the extension writes the command sequence to logs. Prior to version 2.0.20, AUTH parameters are written in plain text, exposing the username and password. That might be an issue if an attacker has access to the logs. Version 2.0.20 fixes the issue.

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22919

Description: swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22911

Description: A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22895

Description: DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22817

Description: FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte

CVSS: HIGH (8.8)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22795

Description: Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.

CVSS: HIGH (7.0)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22773

Description: Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.

CVSS: HIGH (8.1)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22720

Description: Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature.

CVSS: MEDIUM (4.8)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22699

Description: FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.

CVSS: HIGH (8.8)

EPSS Score: 0.15%

SSVC Exploitation: poc

Source: CVE
June 5th, 2025 (3 days ago)

CVE-2024-22548

Description: FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
June 5th, 2025 (3 days ago)