CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-27223	In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This... Description: In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-26458	Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Description: Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-2611	A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability... Description: A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-25763	openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c. Description: openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-24195	robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c. Description: robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c. CVSS: LOW (0.0) Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-20026	In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System... Description: In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541632. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-1656	Affected versions of Octopus Server had a weak content security policy. Description: Affected versions of Octopus Server had a weak content security policy. CVSS: LOW (2.6) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-10551	Sticky Social Icons <= 1.2.1 - Admin+ Stored XSS Description: The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2024-10480	3DPrint Lite < 2.1 - Settings Update via CSRF Description: The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)
CVE-2023-52542	Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. Description: Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 7th, 2024 (6 months ago)