CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-7305 |
Description: A maliciously crafted DWF file, when parsed in AdDwfPdk.dll through Autodesk AutoCAD, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.08%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-6790 |
Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a non-privileged user process to make valid GPU memory processing operations, including via WebGL or WebGPU, to cause the whole system to become unresponsive.This issue affects Bifrost GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Valhall GPU Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0; Arm 5th Gen GPU Architecture Kernel Driver: r44p1, from r46p0 through r49p0, from r50p0 through r51p0.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57968 |
🚨 Marked as known exploited on March 10th, 2025 (4 months ago).
Description: Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57967 |
Description: PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
CVSS: MEDIUM (4.2) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57966 |
Description: libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
CVSS: MEDIUM (5.0) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57669 |
Description: Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to obtain sensitive information via the BackupController.java file.
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57522 |
Description: SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57498 |
Description: Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57452 |
Description: ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileController, which allows attackers to delete any file and folder.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2024-57451 |
Description: ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController#getFileList, which allows attackers to view any directory.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|