Threat and Vulnerability Intelligence Database

CVE-2021-35196

Description: Nessus Plugin ID 223937 with High Severity. Synopsis: The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description: The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file (CVE-2021-35196). Note that Nessus relies on the presence of the package as reported by the vendor. Solution: There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223937

CVSS: HIGH (7.8)

Source: Tenable Plugins
March 5th, 2025 (4 months ago)

CVE-2021-32136

Description: Nessus Plugin ID 223938 with High Severity. Synopsis: The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description: The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file (CVE-2021-32136). Note that Nessus relies on the presence of the package as reported by the vendor. Solution: There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/223938

CVSS: HIGH (7.8)

Source: Tenable Plugins
March 5th, 2025 (4 months ago)

CVE-2024-0114

Description: NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS: HIGH (8.1)

EPSS Score: 0.01%

Source: CVE
March 5th, 2025 (4 months ago)

CVE-2025-21092

Description: GMOD Apollo does not have sufficient logical or access checks when updating a user's information. This could result in an attacker being able to escalate privileges for themselves or others.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
March 5th, 2025 (4 months ago)

CVE-2025-1080

Description: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme, 'vnd.libreoffice.command', specific to LibreOffice was added. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before 24.8.5, from 25.2 before 25.2.1.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-1259

Description: On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available.

CVSS: HIGH (7.7)

EPSS Score: 0.03%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-41147

Description: An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-10930

Description: An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-1424

Description: A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.

CVSS: HIGH (8.6)

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-9149

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
March 4th, 2025 (4 months ago)