CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-3303 |
Description: An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32962 |
Description: xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-20080610 spec. As such, without additional validation steps, the default configuration allows a malicious actor to re-sign an XML document, place the certificate in a `` element, and pass `xml-crypto` default validation checks. As a result `xml-crypto` trusts by default any certificate provided via digitally signed XML document's ``. `xml-crypto` prefers to use any certificate provided via digitally signed XML document's `` even if library was configured to use specific certificate (`publicCert`) for signature verification purposes. An attacker can spoof signature verification by modifying XML document and replacing existing signature with signature generated with malicious private key (created by attacker) and by attaching that private key's certificate to `` element. This vulnerability is combination of changes introduced to `4.0.0` on pull request 301 / commit `c2b83f98` and has been addressed in version 6.0.0 with pull request 445 / commit `21201723d`. Users are advised to upgrade. Users unable to upgrade may either check the certificate extracted via `getCertFromKeyInfo` against trusted certificates before accepting the results of the validation or set `xml-crypto's getCertFromKeyInfo` to `() => undefined` forcing `xml-...
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-3281 |
Description: A vulnerability was discovered in the firmware builds after 8.0.2.3267 and prior to 8.1.3.1301 in CCX devices. A flaw in the firmware build process did not properly restrict access to a resource from an unauthorized actor.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32760 |
Description: When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 encoder instructions can cause NGINX worker processes to terminate or cause or other potential impact.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32662 |
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS: HIGH (7.5) EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32661 |
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS: HIGH (7.5) EPSS Score: 0.09%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32660 |
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS: HIGH (7.5) EPSS Score: 0.1%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32659 |
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32658 |
Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-32651 |
Description: changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
CVSS: CRITICAL (10.0) EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|