CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-36053 |
Description: In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36052 |
Description: RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36050 |
Description: Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36049 |
Description: Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36043 |
Description: question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-36042 |
Description: Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-3596 |
Description: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
EPSS Score: 0.16%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-35627 |
Description: tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key.
EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-35621 |
Description: A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-35618 |
Description: PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|