CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-49035

Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control

CVSS: HIGH (8.7)

Source: TheHackerNews
February 26th, 2025 (5 months ago)

CVE-2025-22881

Description: Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.

CVSS: HIGH (8.4)

EPSS Score: 0.02%

Source: CVE
February 26th, 2025 (5 months ago)

CVE-2025-0889

Description: Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.

CVSS: HIGH (7.2)

EPSS Score: 0.01%

Source: CVE
February 26th, 2025 (5 months ago)

CVE-2025-0514

Description: Improper Input Validation vulnerability in The Document Foundation LibreOffice allows Windows Executable hyperlink targets to be executed unconditionally on activation.This issue affects LibreOffice: from 24.8 before < 24.8.5.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-27148

Description: Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. On Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. In net.rubygrapefruit:native-platform prior to version 0.22-milestone-28, if the `Native.get(Class<>)` method was called, without calling `Native.init(File)` first, with a non-`null` argument used as working file path, then the library would initialize itself using the system temporary directory and NativeLibraryLocator.java lines 68 through 78. Version 0.22-milestone-28 has been released with changes that fix the problem. Initialization is now mandatory and no longer uses the system temporary directory, unless such a path is passed for initialization. The only workaround for affected versions is to make sure to do a proper initialization, using a location that is safe. Gradle 8.12, only that exact version, had codepaths where the initialization of the underlying native integration library took a default path, re...

CVSS: HIGH (8.8)

EPSS Score: 0.02%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-27110

Description: Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processing. A bug that exists only in Libmodsecurity3 version 3.0.13 means that, in 3.0.13, Libmodsecurity3 can't decode encoded HTML entities if they contains leading zeroes. Version 3.0.14 contains a fix. No known workarounds are available.

CVSS: HIGH (7.9)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2024-0148

Description: NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components.

CVSS: HIGH (7.6)

EPSS Score: 0.02%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2024-45421

Description: CVE-2024-45421: Zoom Apps - Buffer Overflow

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: DarkWebInformer
February 25th, 2025 (5 months ago)

CVE-2024-45421

Description: Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2024-36259

Description: Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (5 months ago)