
Threat and Vulnerability Intelligence Database


CVE-2024-42190

Description: HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a DLL hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content.

CVSS: MEDIUM (6.5)

EPSS Score: 0.01%

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-23589

Description: Due to an outdated hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data efficiently using brute-force or dictionary attacks on modern hardware such as GPUs or ASICs.

CVSS: MEDIUM (6.8)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-13916

Description: An application "com.pri.applock", which is pre-loaded on Kruger&Matz smartphones, allows a user to encrypt any application using a user-provided PIN code or biometric data. The exposed "com.android.providers.settings.fingerprint.PriFpShareProvider" content provider's public method query() allows any other malicious application, without any granted Android system permissions, to exfiltrate the PIN code. The vendor did not provide information about vulnerable versions. Only one version (version name: 13, version code: 33) was tested and confirmed to have this vulnerability.

CVSS: MEDIUM (6.9)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-13915

Description: Android-based smartphones from vendors such as Ulefone and Krüger&Matz contain the "com.pri.factorytest" application, preloaded onto devices during the manufacturing process. The application "com.pri.factorytest" (version name: 1.0, version code: 1) exposes a "com.pri.factorytest.emmc.FactoryResetService" service allowing any application to perform a factory reset of the device. The application update did not increment the APK version. Instead, it was bundled in OS builds released later than December 2024 (Ulefone) and most probably March 2025 (Krüger&Matz, although the vendor has not confirmed it, so newer releases might be vulnerable as well).

CVSS: MEDIUM (6.9)

EPSS Score: 0.02%

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2025-3230

Description: Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2025-2571

Description: Mattermost versions 10.7.x <= 10.7.0, 10.6.x <= 10.6.2, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.

CVSS: MEDIUM (4.2)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-7096

Description: A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met:

* SOAP admin services are accessible to the attacker.
* The deployment includes an internally used attribute that is not part of the default WSO2 product configuration.
* At least one custom role exists with non-default permissions.
* The attacker has knowledge of the custom role and the internal attribute used in the deployment.

Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.

CVSS: MEDIUM (4.2)

EPSS Score: 0.02%

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-23849

Description: In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-23848

Description: In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)

CVE-2024-23770

Description: darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 30th, 2025 (18 days ago)