CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-0373

Description: On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-55417

Description: DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server.

EPSS Score: 0.05%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-55416

Description: DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.

EPSS Score: 0.07%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-55415

Description: DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

EPSS Score: 0.07%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-53615

Description: A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-44142

Description: The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.

EPSS Score: 0.04%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-24731

Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.

EPSS Score: 0.05%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-23973

Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.  The specific flaw exists within the handling of HTTP GET requests. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.

EPSS Score: 0.05%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-23971

Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.

EPSS Score: 0.07%

Source: CVE
January 31st, 2025 (5 months ago)

CVE-2024-23970

Description: This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.

EPSS Score: 0.07%

Source: CVE
January 31st, 2025 (5 months ago)