CVE-2024-55581 |
Description: When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of a lack of verification of an HTTPS server's certificate (unless the calling program specifies a TLS configuration).
EPSS Score: 0.02%
February 26th, 2025 (5 months ago)
|
Description: A recent social engineering campaign targeted job seekers in the Web3 space with fake job interviews through a malicious "GrassCall" meeting app that installs information-stealing malware to steal cryptocurrency wallets. [...]
February 26th, 2025 (5 months ago)
|
CVE-2024-53573 |
Description: Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects teacher/edit/{id}.
EPSS Score: 0.06%
February 26th, 2025 (5 months ago)
|
CVE-2025-1634 |
Description: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1634
https://access.redhat.com/security/cve/CVE-2025-1634
https://bugzilla.redhat.com/show_bug.cgi?id=2347319
https://github.com/quarkusio/quarkus/issues/46412
https://github.com/quarkusio/quarkus/commit/80b8eb41678cdccb46e964dc324d048a5ef00f4b
https://github.com/advisories/GHSA-4fwr-mh5q-hchh
EPSS Score: 0.07%
February 26th, 2025 (5 months ago)
|
CVE-2024-57423 |
Description: A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.
EPSS Score: 0.06%
February 26th, 2025 (5 months ago)
|
CVE-2024-50696 |
Description: SunGrow WiNet-S V200.001.00.P025 and earlier versions are missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on an attacker-controlled server.
EPSS Score: 0.02%
February 26th, 2025 (5 months ago)
|