CVE-2024-57184 |
Description: An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DoS) via a crafted MP4 file.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57095 |
Description: SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57041 |
Description: A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-55193 |
Description: OpenImageIO v3.1.0.0dev was discovered to contain a segmentation violation via the component /OpenImageIO/string_view.h.
EPSS Score: 0.11%
January 25th, 2025 (5 months ago)
|
CVE-2024-54529 |
Description: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-53588 |
Description: A DLL hijacking vulnerability in iTop VPN v16.0 allows attackers to execute arbitrary code via placing a crafted DLL file into the path \ProgramData\iTop VPN\Downloader\vpn6.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-52317 |
Description: Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users.
This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-52316 |
Description: Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-50698 |
Description: SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-50695 |
Description: SunGrow WiNet-SV200.001.00.P027 and earlier versions are vulnerable to stack-based buffer overflow when parsing MQTT messages, due to missing MQTT topic bounds checks.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|