CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-58126 |
Description: Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVSS: HIGH (8.4) EPSS Score: 0.01%
April 7th, 2025 (3 months ago)
|
|
CVE-2024-58125 |
Description: Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVSS: HIGH (8.4) EPSS Score: 0.01%
April 7th, 2025 (3 months ago)
|
|
CVE-2024-58124 |
Description: Access control vulnerability in the security verification module
Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVSS: HIGH (8.4) EPSS Score: 0.01%
April 7th, 2025 (3 months ago)
|
|
CVE-2024-58112 |
Description: Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: HIGH (7.5) EPSS Score: 0.03%
April 7th, 2025 (3 months ago)
|
|
CVE-2024-58111 |
Description: Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: HIGH (7.5) EPSS Score: 0.03%
April 7th, 2025 (3 months ago)
|
|
CVE-2024-58107 |
Description: Buffer overflow vulnerability in the codec module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: HIGH (7.5) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-3328 |
Description: A vulnerability was found in Tenda AC1206 15.03.06.23. It has been classified as critical. Affected is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid/timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Es wurde eine kritische Schwachstelle in Tenda AC1206 15.03.06.23 ausgemacht. Es betrifft die Funktion form_fast_setting_wifi_set der Datei /goform/fast_setting_wifi_set. Mittels Manipulieren des Arguments ssid/timeZone mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.08%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-31492 |
Description: mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11.
CVSS: HIGH (8.2) EPSS Score: 0.4%
April 6th, 2025 (3 months ago)
|
|
CVE-2025-2260 |
Description: In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before
version 6.4.3, an attacker can cause a denial of service by specially
crafted packets. The core issue is missing closing of a file in case of
an error condition, resulting in the 404 error for each further file
request. Users can work-around the issue by disabling the PUT request
support.
This issue follows an incomplete fix of CVE-2025-0726.
CVSS: HIGH (7.1) EPSS Score: 0.03%
April 6th, 2025 (3 months ago)
|
|
CVE-2024-12905 |
Description:
Nessus Plugin ID 233940 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-f7671643c4 advisory. Fix CVE-2024-12905.Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected yarnpkg package.
Read more at https://www.tenable.com/plugins/nessus/233940
CVSS: HIGH (7.5) EPSS Score: 1.26%
April 6th, 2025 (3 months ago)
|