CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-1077 |
Description: Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
EPSS Score: 0.17%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-10763 |
Description: The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-1060 |
Description: Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.17%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-1059 |
Description: Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.17%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-1019 |
Description: ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.
CVSS: HIGH (8.6) EPSS Score: 0.07%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-10083 |
Description: CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering
workstation when specific driver interface is invoked locally by an authenticated user with crafted input.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0986 |
Description: A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Issabel PBX 4.0.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /index.php?menu=asterisk_cli der Komponente Asterisk-Cli. Durch Beeinflussen des Arguments Command mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.7) EPSS Score: 95.49%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0917 |
Description: remote code execution in paddlepaddle/paddle 2.6.0
CVSS: CRITICAL (9.4) EPSS Score: 0.29%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0853 |
Description: curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to
the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
EPSS Score: 0.1%
February 14th, 2025 (5 months ago)
|
|
CVE-2024-0831 |
Description: Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
CVSS: MEDIUM (4.5) EPSS Score: 0.13%
February 14th, 2025 (5 months ago)
|