CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-3833	Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a... Description: Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.12% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-3832	Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted... Description: Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.07% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-38276	moodle: CSRF risks due to misuse of confirm_sesskey Description: Incorrect CSRF token checks resulted in multiple CSRF risks. EPSS Score: 0.06% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-38274	moodle: stored XSS via calendar's event title when deleting the event Description: Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-38273	moodle: BigBlueButton web service leaks meeting joining information to users who should not have access Description: Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-37603	An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export... Description: An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-37601	An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export... Description: An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-37385	Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this... Description: Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-37273	An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via... Description: An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. EPSS Score: 0.17% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-37031	The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities... Description: The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)