CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20882 |
Description: Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
CVSS: HIGH (7.0) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-20881 |
Description: Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
CVSS: HIGH (7.0) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-1003 |
Description: A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.
CVSS: HIGH (8.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0509 |
Description: A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
CVSS: HIGH (7.3) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2025-0413 |
Description: Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.
CVSS: HIGH (7.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-55948 |
Description: Discourse is an open source platform for community discussion. In affected versions an attacker can make craft an XHR request to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
CVSS: HIGH (8.2) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-45195 |
🚨 Marked as known exploited on February 4th, 2025 (6 months ago).
Description: Direct Request ('Forced Browsing') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.16.
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
CVSS: HIGH (7.5) EPSS Score: 75.58%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-40891 |
🚨 Marked as known exploited on January 29th, 2025 (6 months ago).
Description: A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-40890 |
🚨 Marked as known exploited on February 11th, 2025 (5 months ago).
Description: A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 5th, 2025 (5 months ago)
|
|
CVE-2024-23690 |
Description: The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands.
CVSS: HIGH (7.2) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|