CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-57184

Description: An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DoS) via a crafted MP4 file.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-57095

Description: SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-57041

Description: A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.

EPSS Score: 0.05%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-55193

Description: OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.

EPSS Score: 0.11%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-54529

Description: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.

EPSS Score: 0.05%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-53588

Description: A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-52317

Description: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-52316

Description: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-50698

Description: SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-50695

Description: SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)