CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-23203	The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be... Description: The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user. EPSS Score: 0.14% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-23201	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS... Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22774	An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe... Description: An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22641	TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. Description: TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22590	The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be... Description: The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22588	Kwik commit 745fd4e2 does not discard unused encryption keys. Description: Kwik commit 745fd4e2 does not discard unused encryption keys. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22525	dnspod-sr 0dfbd37 contains a SEGV. Description: dnspod-sr 0dfbd37 contains a SEGV. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22524	dnspod-sr 0dfbd37 is vulnerable to buffer overflow. Description: dnspod-sr 0dfbd37 is vulnerable to buffer overflow. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-22393	Apache Answer: Pixel Flood Attack by uploading the large pixel file Description: Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2216	A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission... Description: A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)