CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-36076 |
Description: Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers to escalate privileges and obtain sensitive information when a logged-in SysReptor user visits a malicious same-site subdomain in the same browser session.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36070 |
Description: tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. (An update is also available for the 2022.11 series.)
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36056 |
Description: Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36055 |
Description: Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36054 |
Description: Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36053 |
Description: In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36052 |
Description: RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36050 |
Description: Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36049 |
Description: Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36043 |
Description: question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|