CVE-2024-38475 |
🚨 Marked as known exploited on May 1st, 2025 (2 months ago).
Description: Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure.
Substitutions in server context that use backreferences or variables as the first segment of the substitution are affected. Some unsafe RewriteRules will be broken by this change, and the rewrite flag "UnsafePrefixStat" can be used to opt back in after ensuring the substitution is appropriately constrained.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-38474 |
Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or to cause source disclosure of scripts meant only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
EPSS Score: 3.59%
February 14th, 2025 (5 months ago)
|
CVE-2024-38473 |
Description: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3847 |
Description: Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3846 |
Description: Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-3845 |
Description: Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-3844 |
Description: Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-3843 |
Description: Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
CVE-2024-3841 |
Description: Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3840 |
Description: Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
EPSS Score: 0.1%
February 14th, 2025 (5 months ago)
|