CVE-2024-29157 |
Description: HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-29133 |
Description: Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1, which fixes the issue.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-29120 |
Description: In Streampark (version < 2.1.4), when a user logged in successfully, the backend service would return "Authorization" as the front-end authentication credential. A user can use this credential to request other users' information, including the administrator's username, password, salt value, etc.
Mitigation:
All users should upgrade to 2.1.4.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-29090 |
Description: Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-29072 |
Description: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.
CVSS: HIGH (8.2) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-29025 |
Description: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have; an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field; this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-2887 |
Description: Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.11%
February 14th, 2025 (5 months ago)
|
CVE-2024-28863 |
Description: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-2886 |
Description: Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
CVE-2024-2885 |
Description: Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|