CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-1019 |
Description: ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
CVSS: HIGH (8.6) EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0804 |
Description: Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVSS: HIGH (7.5) EPSS Score: 0.25%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0762 |
Description: Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0760 |
Description: A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack.
This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0670 |
Description: Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0224 |
Description: Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS: HIGH (8.8) EPSS Score: 0.22%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0223 |
Description: Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS: HIGH (8.8) EPSS Score: 0.33%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0222 |
Description: Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS: HIGH (8.8) EPSS Score: 0.27%
February 14th, 2025 (5 months ago)
|
|
CVE-2025-1247 |
Description: A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1247
https://access.redhat.com/security/cve/CVE-2025-1247
https://bugzilla.redhat.com/show_bug.cgi?id=2345172
https://github.com/quarkusio/quarkus/issues/45789
https://github.com/quarkusio/quarkus/commit/02ff9ed45c3928edf2a0f8b906543606fed7cd53
https://github.com/advisories/GHSA-phg3-gv66-q38x
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|
|
CVE-2025-1247 |
Description: A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1247
https://access.redhat.com/security/cve/CVE-2025-1247
https://bugzilla.redhat.com/show_bug.cgi?id=2345172
https://github.com/quarkusio/quarkus/issues/45789
https://github.com/quarkusio/quarkus/commit/02ff9ed45c3928edf2a0f8b906543606fed7cd53
https://github.com/advisories/GHSA-phg3-gv66-q38x
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 13th, 2025 (5 months ago)
|