CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-20634

Description: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

EPSS Score: 0.09%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2025-20632

Description: In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2025-20631

Description: In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2025-0015

Description: Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-6790

Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL or WebGPU, to cause the whole system to become unresponsive.This issue affects Bifrost GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Valhall GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Arm 5th Gen GPU Architecture Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57522

Description: SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57498

Description: Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57452

Description: ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57238

Description: Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57237

Description: Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)