CVE-2024-53356 |
Description: EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privilege escalation because the password token suffers from weak encryption, making it possible to brute-force the password token.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-53355 |
Description: EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to Incorrect Access Control. This vulnerability allows the API to be used to create/modify/delete information about aliases (users) / users (groups) / roles.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-53354 |
Description: EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to SQL Injection.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-53320 |
Description: Qualisys C++ SDK commit a32a21a was discovered to contain multiple stack buffer overflows via the GetCurrentFrame, SaveCapture, and LoadProject functions.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-53319 |
Description: A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-53007 |
Description: Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-52936 |
Description: Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-52875 |
Description: An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
CVSS: HIGH (8.8) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)
|
CVE-2024-52318 |
Description: Incorrect object recycling and reuse vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.
Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)
|
CVE-2024-49807 |
Description: IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)
|