CVE-2024-23254 |
Description: The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
CVSS: LOW (0.0) EPSS Score: 0.1%
December 5th, 2024 (7 months ago)
|
CVE-2024-23249 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (7 months ago)
|
CVE-2024-22910 |
Description: Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload.
CVSS: LOW (0.0)
December 5th, 2024 (7 months ago)
|
CVE-2024-22780 |
Description: Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter.
CVSS: LOW (0.0) EPSS Score: 0.05%
December 5th, 2024 (7 months ago)
|
CVE-2024-21723 |
Description: Inadequate parsing of URLs could result in an open redirect.
CVSS: LOW (0.0) EPSS Score: 0.06%
December 5th, 2024 (7 months ago)
|
CVE-2024-21105 |
Description: Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
CVSS: LOW (2.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
CVE-2024-1764 |
Description: Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
CVE-2024-1674 |
Description: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVSS: LOW (0.0) EPSS Score: 0.08%
December 5th, 2024 (7 months ago)
|
CVE-2024-12196 |
Description: Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|
CVE-2024-12151 |
Description: Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 5th, 2024 (7 months ago)
|