CVE-2024-23802 |
Description: A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07% SSVC Exploitation: none
May 9th, 2025 (about 1 month ago)
|
CVE-2024-23795 |
Description: A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.05% SSVC Exploitation: none
May 9th, 2025 (about 1 month ago)
|
CVE-2024-22454 |
Description: Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change
CVSS: HIGH (8.8) EPSS Score: 0.81% SSVC Exploitation: none
May 9th, 2025 (about 1 month ago)
|
CVE-2024-22130 |
Description: Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation.
CVSS: HIGH (7.6) EPSS Score: 0.28% SSVC Exploitation: none
May 9th, 2025 (about 1 month ago)
|
CVE-2024-22024 |
Description: An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.
CVSS: HIGH (8.3) EPSS Score: 94.32% SSVC Exploitation: poc
May 9th, 2025 (about 1 month ago)
|
CVE-2024-1163 |
Description: The attacker may exploit a path traversal vulnerability leading to information disclosure.
CVSS: HIGH (7.1) EPSS Score: 0.07% SSVC Exploitation: poc
May 9th, 2025 (about 1 month ago)
|
CVE-2024-24762 |
Description: `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.
CVSS: HIGH (7.5) EPSS Score: 1.8% SSVC Exploitation: poc
May 9th, 2025 (about 1 month ago)
|
CVE-2024-9524 |
Description: Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 9th, 2025 (about 1 month ago)
|
CVE-2024-13962 |
Description: Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 9th, 2025 (about 1 month ago)
|
CVE-2024-13961 |
Description: Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 9th, 2025 (about 1 month ago)
|