CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-0373	Buffer overflow in some filesystems via NFS Description: On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic. EPSS Score: 0.04% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-55417	DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via... Description: DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. EPSS Score: 0.05% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-55416	DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link,... Description: DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. EPSS Score: 0.07% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-55415	DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. Description: DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. EPSS Score: 0.07% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-53615	A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote... Description: A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file. EPSS Score: 0.04% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-44142	The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to... Description: The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution. EPSS Score: 0.04% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-24731	Silicon Labs Gecko OS http_download Stack-based Buffer Overflow Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. EPSS Score: 0.05% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-23973	Silicon Labs Gecko OS HTTP GET Request Handling Stack-based Buffer Overflow Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. EPSS Score: 0.05% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-23971	ChargePoint Home Flex OCPP bswitch Command Injection Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. EPSS Score: 0.07% Source: CVE January 31st, 2025 (5 months ago)
CVE-2024-23970	ChargePoint Home Flex Improper Certificate Validation Description: This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. EPSS Score: 0.07% Source: CVE January 31st, 2025 (5 months ago)