CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20634 |
Description: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
EPSS Score: 0.09%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-20633 |
Description: In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.
CVSS: HIGH (8.8) EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-20632 |
Description: In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-20631 |
Description: In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-0974 |
Description: A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. This issue affects some unknown processing. The manipulation of the argument li_op/md leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in MaxD Lightning Module 4.43 für OpenCart entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code. Mittels dem Manipulieren des Arguments li_op/md mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.3) EPSS Score: 0.06%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-0973 |
Description: A vulnerability classified as critical was found in CmsEasy 7.7.7.9. This vulnerability affects the function backAll_action in the library lib/admin/database_admin.php of the file /index.php?case=database&act=backAll&admin_dir=admin&site=default. The manipulation of the argument select[] leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In CmsEasy 7.7.7.9 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion backAll_action in der Bibliothek lib/admin/database_admin.php der Datei /index.php?case=database&act=backAll&admin_dir=admin&site=default. Durch Manipulation des Arguments select[] mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.14%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-0148 |
Description: Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.
CVSS: LOW (2.6) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-0015 |
Description: Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-9997 |
Description: A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-9996 |
Description: A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.07%
February 4th, 2025 (5 months ago)
|