CVE-2024-31866 |
Description: Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
Attackers can execute shell scripts or malicious code by overriding configuration such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31865 |
Description: Improper Input Validation vulnerability in Apache Zeppelin.
Attackers can call the cron update API with invalid or improper privileges so that the notebook runs with those privileges.
This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31864 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Zeppelin.
The attacker can inject sensitive configuration or malicious code when connecting to a MySQL database via the JDBC driver.
This issue affects Apache Zeppelin: before 0.11.1.
Users are recommended to upgrade to version 0.11.1, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31863 |
Description: Authentication Bypass by Spoofing vulnerability by replacing to existing notes in Apache Zeppelin. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
EPSS Score: 0.26%
February 14th, 2025 (5 months ago)
|
CVE-2024-31862 |
Description: Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI. This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31860 |
Description: Improper Input Validation vulnerability in Apache Zeppelin.
By adding relative path indicators (e.g. ..), attackers can see the contents of any file in the filesystem that the server account can access.
This issue affects Apache Zeppelin: from 0.9.0 before 0.11.0.
Users are recommended to upgrade to version 0.11.0, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31847 |
Description: An issue was discovered in Italtel Embrace 1.6.4. A stored cross-site scripting (XSS) vulnerability allows authenticated and unauthenticated remote attackers to inject arbitrary web script or HTML into a GET parameter. This reflects/stores the user input without sanitization.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31845 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The product does not neutralize or incorrectly neutralizes output that is written to logs. The web application writes logs using a GET query string parameter. This parameter can be modified by an attacker, so that every action he performs is attributed to a different user. This can be exploited without authentication.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-31844 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The server does not properly handle application errors. In some cases, this leads to a disclosure of information about the server. An unauthenticated user is able to craft specific requests in order to make the application generate an error. Inside an error message, some information about the server is revealed, such as the absolute path of the source code of the application. This kind of information can help an attacker to perform other attacks against the system. This can be exploited without authentication.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-31843 |
Description: An issue was discovered in Italtel Embrace 1.6.4. The Web application does not properly check the parameters sent as input before they are processed on the server side. This allows authenticated users to execute commands on the Operating System.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|