Threat and Vulnerability Intelligence Database

CVE-2024-11468

Description: Omnissa Horizon Client for macOS contains a local privilege escalation (LPE) vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2024-11467

Description: Omnissa Horizon Client for macOS contains a local privilege escalation (LPE) vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2024-10239

Description: A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2024-10238

Description: A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, which is caused by not checking fld->used_bytes.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2024-10237

Description: There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2024-56161

Description: A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: TheHackerNews
February 4th, 2025 (6 months ago)

CVE-2025-25066

Description: nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (6 months ago)

CVE-2025-24962

Description: reNgine is an automated reconnaissance framework for web applications. In affected versions a user can inject commands via the nmap_cmd parameters. This issue has been addressed in commit `c28e5c8d` and is expected in the next versioned release. Users are advised to filter user input and monitor the project for a new release.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (6 months ago)

CVE-2025-24960

Description: Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admin(s), there is very little scope for abuse. However, the `DELETE` `files/:filename` can be used to delete any file. This issue has been addressed in version 1.1.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (8.7)

EPSS Score: 0.05%

Source: CVE
February 4th, 2025 (6 months ago)

CVE-2025-24899

Description: reNgine is an automated reconnaissance framework for web applications. A vulnerability was discovered in reNgine, where **an insider attacker with any role** (such as Auditor, Penetration Tester, or Sys Admin) **can extract sensitive information from other reNgine users.** After running a scan and obtaining vulnerabilities from a target, the attacker can retrieve details such as `username`, `password`, `email`, `role`, `first name`, `last name`, `status`, and `activity information` by making a GET request to `/api/listVulnerability/`. This issue has been addressed in version 2.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (6 months ago)