Description: A week of excrement and colors.
January 25th, 2025 (5 months ago)
|
Description: A Threat Actor Claims to have Leaked the Data of Zacks Investment Research
January 25th, 2025 (5 months ago)
|
CVE-2025-21654 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ovl: support encoding fid from inode with no alias
Dmitry Safonov reported that a WARN_ON() assertion can be triggered by
userspace when calling inotify_show_fdinfo() for an overlayfs watched
inode, whose dentry aliases were discarded with drop_caches.
The WARN_ON() assertion in inotify_show_fdinfo() was removed, because
it is possible for encoding a file handle to fail for other reasons, but
the impact of failing to encode an overlayfs file handle goes beyond
this assertion.
As shown in the LTP test case mentioned in the link below, failure to
encode an overlayfs file handle from a non-aliased inode also leads to
failure to report an fid with FAN_DELETE_SELF fanotify events.
As Dmitry notes in his analysis of the problem, ovl_encode_fh() fails
if it cannot find an alias for the inode, but this failure can be fixed.
ovl_encode_fh() seldom uses the alias and in the case of non-decodable
file handles, as is often the case with fanotify fid info,
ovl_encode_fh() never needs to use the alias to encode a file handle.
Defer finding an alias until it is actually needed so ovl_encode_fh()
will not fail in the common case of FAN_DELETE_SELF fanotify events.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-57556 |
Description: Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary script in a victim's browser via the store.deep.js component.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-57386 |
Description: Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary script in a victim's browser via the profile picture function.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-57329 |
Description: HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57328 |
Description: A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.
EPSS Score: 0.11%
January 25th, 2025 (5 months ago)
|
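The authentication bypass described for CVE-2024-57328 comes from concatenating the username and password fields into the SQL text. The block below is an added illustration, not code from Online Food Ordering System: it builds a constructed in-memory SQLite table, shows the concatenated login query being bypassed with a comment payload in the username and a tautology in the password, and then shows the same check done with a bound parameter and a constant-time comparison, which neither payload defeats. The table, user and password are made up for the example.

```python
import hmac
import sqlite3


def make_db():
    """Constructed sample users table for the example (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Stored in the clear here only to keep the example about injection;
    # a real system would store a password hash.
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)", ("admin", "s3cret")
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the advisory describes: input is pasted into the query text."""
    query = (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    # A username of  admin' --  comments out the password check entirely;
    # a password of  ' OR '1'='1  makes the WHERE clause true for every row.
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Bound parameter: the driver sends the value separately from the SQL."""
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    # compare_digest avoids leaking the match length through timing.
    return hmac.compare_digest(row[0], password)


def demo():
    """Returns (vulnerable results, safe results) for the same three attempts."""
    attempts = [
        ("admin", "s3cret"),          # legitimate login
        ("admin' --", "wrong"),       # comment out the password check
        ("nobody", "' OR '1'='1"),    # tautology in the password field
    ]
    conn = make_db()
    vulnerable = tuple(login_vulnerable(conn, u, p) for u, p in attempts)
    safe = tuple(login_safe(conn, u, p) for u, p in attempts)
    return vulnerable, safe


if __name__ == "__main__":
    print(demo())  # ((True, True, True), (True, False, False))
```

The bound-parameter form is the fix; escaping quotes by hand (the "sanitizing" the advisory text alludes to) is fragile across character sets and SQL dialects and should not be relied on.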
CVE-2024-57326 |
Description: A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
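The stored and reflected XSS entries above (nbubna store, Wallos, HortusFox "Add Plant", Online Pizza Delivery search.php) all come down to untrusted text being written into HTML without output encoding. The block below is an added example and not code from any of those projects: it renders a constructed plant record the vulnerable way and the encoded way, then runs a small parser-based check over the result to show which version would hand a browser a script tag or an event-handler attribute. The record fields, payloads and markup are invented for the illustration.

```python
import html
from html.parser import HTMLParser

# Constructed payloads for the example; not taken from any advisory.
PLANT_NAME_PAYLOAD = "<script>alert(document.cookie)</script>"
ALT_TEXT_PAYLOAD = 'fern" onerror="alert(1)'


def render_plant_vulnerable(name, picture_alt):
    """Interpolates user input straight into markup (text node and attribute)."""
    return (
        '<div class="plant"><h2>%s</h2>'
        '<img src="/uploads/avatar.png" alt="%s"></div>' % (name, picture_alt)
    )


def render_plant_safe(name, picture_alt):
    """Same template with HTML encoding applied at output time.

    html.escape(quote=True) encodes & < > " and ', which covers both an HTML
    text node and a double-quoted attribute value. URL, JavaScript and CSS
    contexts need their own encoders and are not shown here.
    """
    return (
        '<div class="plant"><h2>%s</h2>'
        '<img src="/uploads/avatar.png" alt="%s"></div>'
        % (html.escape(name, quote=True), html.escape(picture_alt, quote=True))
    )


class ScriptSink(HTMLParser):
    """Records what a browser would execute: script tags and on* attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script")
        for attr_name, _ in attrs:
            if attr_name.lower().startswith("on"):
                self.findings.append(attr_name.lower())


def executable_findings(markup):
    """Return the list of executable constructs found in rendered markup."""
    sink = ScriptSink()
    sink.feed(markup)
    sink.close()
    return sink.findings


if __name__ == "__main__":
    bad = render_plant_vulnerable(PLANT_NAME_PAYLOAD, ALT_TEXT_PAYLOAD)
    good = render_plant_safe(PLANT_NAME_PAYLOAD, ALT_TEXT_PAYLOAD)
    print(executable_findings(bad))   # ['script', 'onerror']
    print(executable_findings(good))  # []
```

The parser check is a convenient regression test for a template, not a substitute for encoding: it only catches the two construct types it looks for, whereas encoding at every output point removes the class of bug.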