Threat and Vulnerability Intelligence Database

CVE-2024-36062

Description: The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callassistant.android.ui.call.incall.InCallActivity component.

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-34786

Description: UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio. This vulnerability is fixed in UniFi iOS app 10.15.2 and later.

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-32268

Description: An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-30916

Description: An issue in eProsima FastDDS v.2.14.0 and before allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in the DurabilityService QoS component.

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-29502

Description: An issue in Secure Lockdown Multi Application Edition v2.00.219 allows attackers to read arbitrary files via UNC paths.

EPSS Score: 0.04%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-28986

Description: SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.

CVSS: CRITICAL (9.8)

EPSS Score: 2.95%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-27859

Description: The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution.

EPSS Score: 0.07%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-26306

Description: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

CVSS: MEDIUM (5.9)

EPSS Score: 0.05%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-24116

Description: An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.

CVSS: CRITICAL (9.8)

EPSS Score: 1.19%

Source: CVE
February 11th, 2025 (5 months ago)

CVE-2024-21286

Description: Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE
February 11th, 2025 (5 months ago)