CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-21733	Apache Tomcat: Leaking of unrelated request bodies in default error page Description: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue. EPSS Score: 0.53% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2173	Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a... Description: Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) EPSS Score: 0.08% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2056	Artica Proxy Loopback Services Remotely Accessible Unauthenticated Description: Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2055	Artica Proxy Unauthenticated File Manager Vulnerability Description: The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2054	Artica Proxy Unauthenticated PHP Deserialization Vulnerability Description: The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. EPSS Score: 0.48% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2053	Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability Description: The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-2004	Usage of disabled protocol Description: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-1676	Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted... Description: Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) EPSS Score: 0.11% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-1675	Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via... Description: Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) EPSS Score: 0.09% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-1673	Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to... Description: Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) EPSS Score: 0.08% Source: CVE February 14th, 2025 (5 months ago)