CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-49884
ext4: fix slab-use-after-free in ext4_split_extent_at()
Description: In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40 CPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724 Call Trace: kasan_report+0x93/0xc0 ext4_split_extent_at+0xba8/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Allocated by task 40: __kmalloc_noprof+0x1ac/0x480 ext4_find_extent+0xf3b/0x1e70 ext4_ext_map_blocks+0x188/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] Freed by task 40: kfree+0xf1/0x2b0 ext4_find_extent+0xa71/0x1e70 ext4_ext_insert_extent+0xa22/0x3260 ext4_split_extent_at+0x3ef/0xcc0 ext4_split_extent.isra.0+0x18f/0x500 ext4_split_convert_extents+0x275/0x750 ext4_ext_handle_unwritten_extents+0x73e/0x1580 ext4_ext_map_blocks+0xe20/0x2dc0 ext4_map_blocks+0x724/0x1700 ext4_do_writepages+0x12d6/0x2a70 [...] ================================================================== The flow of issue triggering is as follows: ext4_split_extent_at path = *ppath ext4_ext_insert_extent(ppath) ext4_ext_create_new_leaf...

EPSS Score: 0.04%

Source: CVE
February 3rd, 2025 (5 months ago)
FreeBSD : qt6-webengine -- Multiple vulnerabilities (72b8729e-e134-11ef-9e76-4ccc6adda413)
Description: Nessus Plugin ID 214872 with High Severity Synopsis The remote FreeBSD host is missing one or more security-related updates. Description The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 72b8729e-e134-11ef-9e76-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium:Tenable has extracted the preceding description block directly from the FreeBSD security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/214872
Source: Tenable Plugins
February 2nd, 2025 (5 months ago)
Sythe Allegedly Leaked 70 Millions USA Criminal Records
Description: Sythe Allegedly Leaked 70 Millions USA Criminal Records
Source: DarkWebInformer
February 2nd, 2025 (5 months ago)
FutureSeeker Claims to have Leaked the Data of SkilloVilla
Description: FutureSeeker Claims to have Leaked the Data of SkilloVilla
Source: DarkWebInformer
February 2nd, 2025 (5 months ago)
What does it mean to build in security from the ground up?
Source: TheRegister
February 2nd, 2025 (5 months ago)
Gilmore Girls fans nabbed as Eurocops dismantle two major cybercrime forums
Source: TheRegister
February 2nd, 2025 (5 months ago)

CVE-2019-19245
Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3
Description: Posted by hyp3rlinx on Feb 01Updated SQL Injection CVE-2019-19245 exploit for Python3. import requests,time,re,sys,argparse #NAPC Xinet Elegant 6 Asset Library v6.1.655 #Pre-Auth SQL Injection 0day Exploit #By hyp3rlinx #ApparitionSec #UPDATED: Jan 2024 for python3 #TODO: add SSL support #=============================== #This will dump tables, usernames and passwords in vulnerable versions #REQUIRE PARAMS:...
Source: Full Disclosure Mailinglist
February 2nd, 2025 (5 months ago)
Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)
Description: Posted by David Fifield on Feb 01I tested a few more times, and it appears the text injection has disappeared. These are timestamps when I tested, with offsets relative to the initial discovery. +0h 2025-01-28 03:00 initial discovery +5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works (https://archive.is/DD9xB) +14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works (no archive) +45h...
Source: Full Disclosure Mailinglist
February 2nd, 2025 (5 months ago)
APPLE-SA-01-30-2025-1 GarageBand 10.4.12
Description: Posted by Apple Product Security via Fulldisclosure on Feb 01APPLE-SA-01-30-2025-1 GarageBand 10.4.12 GarageBand 10.4.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/121866. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. GarageBand Available for: macOS Sonoma 14.4 and later Impact: Processing a maliciously crafted image may lead to arbitrary...
Source: Full Disclosure Mailinglist
February 2nd, 2025 (5 months ago)
9Lives - 109,515 breached accounts
Description: In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.
Source: HaveIBeenPwnedLatestBreaches
February 2nd, 2025 (5 months ago)