Threat and Vulnerability Intelligence Database

CVE-2024-57240

Description: A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-55570

Description: /api/user/users in the web GUI for the Cubro EXA48200 network packet broker (build 20231025055018), fixed in V5.0R14.5P4-V3.3R1, allows remote authenticated users of the application to increase their privileges by sending a single HTTP PUT request with rolename=Administrator, aka incorrect access control.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-55532

Description: Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version < 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue.

EPSS Score: 0.07%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-53388

Description: A DOM Clobbering vulnerability in mavo v0.3.2 allows attackers to execute arbitrary code via supplying a crafted HTML element.

EPSS Score: 0.06%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-53387

Description: A DOM Clobbering vulnerability in umeditor v1.2.3 allows attackers to execute arbitrary code via supplying a crafted HTML element.

EPSS Score: 0.06%

Source: CVE
March 3rd, 2025 (4 months ago)
Description: Another lawyer was caught using AI and not checking the output for accuracy, while a previously-reported case just got hit with sanctions.
Source: 404 Media
March 3rd, 2025 (4 months ago)
Description: Utsunomiya Central Clinic Has Fallen Victim to Qilin Ransomware
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)
Description: Goroutine Leak in Abacus SSE Implementation

Summary

A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events (SSE) implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources and terminate associated goroutines. This leads to resource exhaustion where the server continues running but eventually stops accepting new SSE connections while maintaining high memory usage. The vulnerability specifically involves improper channel cleanup in the event handling mechanism, causing goroutines to remain blocked indefinitely.

POC

Impact

This vulnerability affects all versions of Abacus prior to v1.4.0. The issue causes:

- Permanent unresponsiveness of the /stream endpoint after prolonged use
- Memory growth that stabilizes at a high level but prevents proper functionality
- Selective denial of service affecting only SSE connections while other endpoints remain functional
- Accumulated orphaned goroutines that cannot be garbage collected
- High resource consumption under sustained client connection/disconnection patterns

Systems running Abacus in production with client applications that frequently establish and terminate SSE connections are most vulnerable. The issue becomes particularly apparent in high-traffic environments or during connection stress testing.

Patches

The vulnerability has been patched in Abacus v1.4.0. The fix includes: Implementing buffered channels to prev...
Source: Github Advisory Database (Go)
March 3rd, 2025 (4 months ago)
Description: Counter Claims to have Leaked the Data of Smoke's & Jack's Roleplay Forum
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)
Description: Counter Claims to have Leaked the Data of TXG Corp
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)