CVE-2024-38474 |
Description: Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL, or source disclosure of scripts meant only to be executed as CGI.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
EPSS Score: 3.59%
February 14th, 2025 (5 months ago)
|
CVE-2024-38473 |
Description: Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3847 |
Description: Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3846 |
Description: Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-3845 |
Description: Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-3844 |
Description: Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-3843 |
Description: Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
CVE-2024-3841 |
Description: Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-3840 |
Description: Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
EPSS Score: 0.1%
February 14th, 2025 (5 months ago)
|
CVE-2024-3839 |
Description: Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
EPSS Score: 0.09%
February 14th, 2025 (5 months ago)
|