CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0282 |
🚨 Marked as known exploited on January 8th, 2025 (6 months ago).
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (6 months ago)
|
|
CVE-2024-29059 |
🚨 Marked as known exploited on February 4th, 2025 (5 months ago).
Description: .NET Framework Information Disclosure Vulnerability
CVSS: HIGH (7.5) EPSS Score: 2.37%
January 1st, 2025 (6 months ago)
|
|
CVE-2024-21413 |
🚨 Marked as known exploited on February 6th, 2025 (5 months ago).
Description: Microsoft Outlook Remote Code Execution Vulnerability
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 1st, 2025 (6 months ago)
|
|
CVE-2024-3393 |
🚨 Marked as known exploited on December 27th, 2024 (7 months ago).
Description: A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
CVSS: HIGH (8.7) EPSS Score: 0.78%
December 31st, 2024 (6 months ago)
|
|
CVE-2024-53197 |
🚨 Marked as known exploited on April 8th, 2025 (3 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.
This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.
EPSS Score: 0.04%
December 28th, 2024 (7 months ago)
|
|
CVE-2024-12987 |
🚨 Marked as known exploited on May 15th, 2025 (about 2 months ago).
Description: A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component. Es wurde eine Schwachstelle in DrayTek Vigor2960 and Vigor300B 1.5.1.4 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /cgi-bin/mainfunction.cgi/apmcfgupload der Komponente Web Management Interface. Durch die Manipulation des Arguments session mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.5.1.5 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
December 28th, 2024 (7 months ago)
|
|
CVE-2024-53150 |
🚨 Marked as known exploited on April 8th, 2025 (3 months ago).
Description: In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix out of bounds reads when finding clock sources
The current USB-audio driver code doesn't check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.
For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it's skipped in the loop.
For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at its tail, hence those
have to be checked in addition to the sizeof() check.
CVSS: HIGH (7.8) EPSS Score: 0.04%
December 25th, 2024 (7 months ago)
|
|
CVE-2024-12686 |
🚨 Marked as known exploited on January 13th, 2025 (6 months ago).
Description: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
CVSS: MEDIUM (6.6) EPSS Score: 6.18%
December 19th, 2024 (7 months ago)
|
|
CVE-2024-12356 |
🚨 Marked as known exploited on December 19th, 2024 (7 months ago).
Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVSS: CRITICAL (9.8) EPSS Score: 1.3%
December 18th, 2024 (7 months ago)
|
|
CVE-2024-49138 |
🚨 Marked as known exploited on December 10th, 2024 (7 months ago).
Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
December 12th, 2024 (7 months ago)
|