CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-32077	Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Description: Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue. EPSS Score: 0.14% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31974	The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute... Description: The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately sanitize the URI or any extra data passed in the intent by any installed application (with no permissions). EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31869	Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used Description: Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page. EPSS Score: 0.1% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31866	Apache Zeppelin: Interpreter download command does not escape malicious code injection Description: Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31865	Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Description: Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31864	Apache Zeppelin: Remote code execution by adding malicious JDBC connection string Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin. The attacker can inject sensitive configuration or malicious code when connecting MySQL database via JDBC driver. This issue affects Apache Zeppelin: before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31863	Apache Zeppelin: Replacing other users notebook, bypassing any permissions Description: Authentication Bypass by Spoofing vulnerability by replacing to exsiting notes in Apache Zeppelin.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. EPSS Score: 0.26% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31862	Apache Zeppelin: Denial of service with invalid notebook name Description: Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31860	Apache Zeppelin: Path traversal vulnerability Description: Improper Input Validation vulnerability in Apache Zeppelin. By adding relative path indicators(E.g ..), attackers can see the contents for any files in the filesystem that the server account can access. This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-31847	An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote... Description: An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)