CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-0555

Description: A Cross-Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions.

CVSS: HIGH (7.7)

EPSS Score: 0.07%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0289

Description: Paragon Partition Manager version 17, both Community and Business versions, contains an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allow an attacker to compromise the service.

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0288

Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory vulnerability facilitated by the memmove function, which does not validate or sanitize user-controlled input, allowing an attacker to write arbitrary kernel memory and perform privilege escalation.

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0287

Description: Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

EPSS Score: 0.02%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0286

Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory write vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user-supplied data, which can allow an attacker to execute arbitrary code on the victim machine.

EPSS Score: 0.08%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0285

Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user-supplied data, which can allow an attacker to perform privilege escalation exploits.

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-57240

Description: A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-55570

Description: /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018), fixed in V5.0R14.5P4-V3.3R1, allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access control.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-55532

Description: Improper Neutralization of Formula Elements in the Export CSV feature of Apache Ranger, affecting Apache Ranger versions < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

EPSS Score: 0.07%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-53388

Description: A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code by supplying a crafted HTML element.

EPSS Score: 0.06%

Source: CVE
March 3rd, 2025 (4 months ago)