CVE-2024-4761 |
Description: Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.3%
February 14th, 2025 (5 months ago)
|
CVE-2024-47266 |
Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in share file list functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to read specific files containing non-sensitive information via unspecified vectors.
CVSS: LOW (2.7) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-47265 |
Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in encrypted share umount functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users to write specific files via unspecified vectors.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-47264 |
Description: Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in agent-related functionality in Synology Active Backup for Business before 2.7.1-13234, 2.7.1-23234 and 2.7.1-3234 allows remote authenticated users with administrator privileges to delete arbitrary files via unspecified vectors.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-46910 |
Description: An authenticated user can perform XSS and potentially impersonate another user.
This issue affects Apache Atlas versions 2.3.0 and earlier.
Users are recommended to upgrade to version 2.4.0, which fixes the issue.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-4671 |
Description: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.23%
February 14th, 2025 (5 months ago)
|
CVE-2024-4577 |
Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS: CRITICAL (9.8) EPSS Score: 95.38%
February 14th, 2025 (5 months ago)
|
CVE-2024-4559 |
Description: Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-4558 |
Description: Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-4453 |
Description: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of EXIF metadata. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Was ZDI-CAN-23896.
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|