CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-2215 |
Description: A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-22074 |
Description: Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212.
EPSS Score: 0.09%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-22049 |
Description: httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.
EPSS Score: 0.2%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-2193 |
Description: A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-2176 |
Description: Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-21742 |
Description: Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.
This can be exploited by an attacker to add unintended headers to MIME messages.
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-2174 |
Description: Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-21733 |
Description: Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.
Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
EPSS Score: 0.53%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-2173 |
Description: Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-2056 |
Description: Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|