CVE-2025-0725 |
Description: When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2025-0665 |
Description: libcurl would wrongly close the same eventfd file descriptor twice when taking
down a connection channel after having completed a threaded name resolve.
EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2025-0167 |
Description: When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has a `default` entry that
omits both login and password. A rare circumstance.
EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2024-7596 |
Description: The proposed Generic UDP Encapsulation (GUE) (IETF Draft) does not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface, which can lead to spoofing, access control bypass, and other unexpected network behaviors.
This can be considered similar to CVE-2020-10136.
EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2024-7595 |
Description: GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface, which can lead to spoofing, access control bypass, and other unexpected network behaviors.
This can be considered similar to CVE-2020-10136.
EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2024-57699 |
Description: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input containing a large number of '{' characters, stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2024-57598 |
Description: A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp, which allows a remote attacker to cause a denial of service.
EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2024-57520 |
Description: Insecure Permissions vulnerability in Asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function.
EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2024-57086 |
Description: A prototype pollution vulnerability in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload.
EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2024-57085 |
Description: A prototype pollution vulnerability in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted payload.
EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|