CVE-2024-24746 |
Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache NimBLE.
A specially crafted GATT operation can cause an infinite loop in the GATT server, leading to denial of service in the Bluetooth stack or device.
This issue affects Apache NimBLE: through 1.6.0.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-24683 |
Description: Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0.
Users are recommended to upgrade to version 2.8.0, which fixes the issue.
When Hop Server writes links to the PrepareExecutionPipelineServlet page, one of the parameters provided to the user was not properly escaped.
The variable that was not properly escaped is the "id", which is not directly accessible by users creating pipelines, making the risk of exploitation low.
This issue only affects users using the Hop Server component and does not directly affect the client.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-2466 |
Description: libcurl did not check the server certificate of TLS connections made to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POP3S, SMTPS, etc).
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24549 |
Description: Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.
Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99, which fix the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-24294 |
Description: A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24293 |
Description: A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24199 |
Description: smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-24198 |
Description: smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-24194 |
Description: robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24192 |
Description: robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c.
EPSS Score: 0.09%
February 14th, 2025 (5 months ago)
|