Threat and Vulnerability Intelligence Database

CVE-2024-12245

Description: Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome, depending on the presence or absence of entries in certain database tables.

CVSS: HIGH (8.7)

EPSS Score: 0.06%

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-12019

Description: The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to read the contents of any file available within the privileges of the system user running the application.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-0015

Description: In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

CVSS: HIGH (7.8)

EPSS Score: 1.88%

SSVC Exploitation: none

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-54448

Description: The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-54447

Description: Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome, depending on the presence or absence of entries in certain database tables.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-54446

Description: Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome, depending on the presence or absence of entries in certain database tables.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-54445

Description: Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome, depending on the presence or absence of entries in certain database tables.

CVSS: HIGH (8.7)

EPSS Score: 0.07%

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2024-0029

Description: In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
March 14th, 2025 (4 months ago)

CVE-2025-29776

Description:

Impact: Calling setTimer in Azle versions 0.27.0, 0.28.0, and 0.29.0 causes an immediate infinite loop of timers to be executed on the canister, each timer attempting to clean up the global state of the previous timer. The infinite loop will occur with any valid invocation of setTimer.

Patches: The problem has been fixed as of Azle version 0.30.0.

Workarounds: If a canister is caught in this infinite loop after calling setTimer, the canister can be upgraded and the timers will all be cleared, thus ending the loop.

References:
https://github.com/demergent-labs/azle/security/advisories/GHSA-xc76-5pf9-mx8m
https://nvd.nist.gov/vuln/detail/CVE-2025-29776
https://github.com/demergent-labs/azle/releases/tag/0.30.0
https://github.com/advisories/GHSA-xc76-5pf9-mx8m

CVSS: HIGH (8.7)

EPSS Score: 0.05%

Source: Github Advisory Database (NPM)
March 14th, 2025 (4 months ago)

CVE-2024-31956

Description: An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.

CVSS: HIGH (8.4)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 14th, 2025 (4 months ago)