Threat and Vulnerability Intelligence Database

CVE-2024-55504

Description: An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code, potentially leading to remote control and unauthorized access to sensitive user data, via the exploit_combined.dylib component on macOS.

EPSS Score: 0.05%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-54795

Description: SpagoBI v3.5.1 contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities in the create/edit forms of the worksheet designer function.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-54794

Description: The script input feature of SpagoBI 3.5.1 allows arbitrary code execution.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-54792

Description: A Cross-Site Request Forgery (CSRF) vulnerability has been found in SpagoBI v3.5.1 in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in to, such as adding, editing or deleting users.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-51941

Description: A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-51417

Description: An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.

EPSS Score: 0.05%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-49748

Description: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-49747

Description: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-49745

Description: In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-49744

Description: In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)