CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-24756

Description: Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5.

CVSS: HIGH (7.5)

EPSS Score: 0.26%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-24680

Description: An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.

CVSS: HIGH (7.5)

EPSS Score: 0.68%

SSVC Exploitation: none

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-24591

Description: A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.

CVSS: HIGH (8.0)

EPSS Score: 0.25%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-24468

Description: A Cross-Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via add_customblock.php.

CVSS: HIGH (8.8)

EPSS Score: 2.3%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-24259

Description: freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

CVSS: HIGH (7.5)

EPSS Score: 0.18%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-24113

Description: xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged users to control the executor and achieve RCE.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-23769

Description: Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-22667

Description: Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

CVSS: HIGH (7.8)

EPSS Score: 0.13%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-22520

Description: An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.

CVSS: HIGH (8.2)

EPSS Score: 0.06%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-22237

Description: Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.

CVSS: HIGH (7.8)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
May 15th, 2025 (about 1 month ago)