CVE-2024-46974
Description: Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)

CVE-2024-46921
Description: An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack).
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)

CVE-2024-45650
Description: IBM Security Verify Directory 10.0 through 10.0.3 is vulnerable to a denial of service when sending an LDAP extended operation.
CVSS: HIGH (7.5) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)

CVE-2024-45089
Description: IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)

CVE-2024-44911
Description: NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c).
EPSS Score: 0.05%
February 1st, 2025 (5 months ago)

CVE-2024-44055
Description: Server-Side Request Forgery (SSRF) vulnerability in NotFound Oshine Modules. This issue affects Oshine Modules: from n/a through n/a.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 1st, 2025 (5 months ago)

CVE-2024-42671
Description: A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote attacker to redirect users to a malicious website, leading to potential credential theft, malware distribution, or other malicious activities.
EPSS Score: 0.04%
February 1st, 2025 (5 months ago)

CVE-2024-4154
Description: In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged users to rename projects they do not have access to. Specifically, an unprivileged user can send a PATCH request to the project's endpoint with a new name for a project, despite not having the necessary permissions or being assigned to the project. This issue allows for unauthorized modification of project names, potentially leading to confusion or unauthorized access to project resources.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)

CVE-2024-4151
Description: An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to manipulate or access sensitive project data, potentially leading to data integrity and confidentiality issues.
CVSS: HIGH (8.3) EPSS Score: 0.06%
February 1st, 2025 (5 months ago)

CVE-2024-40696
Description: IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
February 1st, 2025 (5 months ago)