CVE-2024-41971 |
Description: A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-41970 |
Description: A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-41968 |
Description: A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-41967 |
Description: A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
CVE-2024-4148 |
Description: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes.
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-3502 |
Description: In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This issue occurs when authenticated users inspect responses from `GET /v1/users/me` and `GET /v1/users/me/org` endpoints. The exposed account recovery hashes, while not directly related to user passwords, represent sensitive information that should not be accessible to unauthorized parties. Exposing these hashes could potentially facilitate account recovery attacks or other malicious activities. The vulnerability was addressed in version 1.2.6.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-3501 |
Description: In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password resets or account verification, are exposed to unauthorized actors, potentially allowing them to perform actions on behalf of the user. This issue was addressed in version 1.2.6, where the exposure of single-use tokens in user-facing queries was mitigated.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-2658 |
Description: A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges.
CVSS: HIGH (8.5) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-25995 |
Description: An unauthenticated remote attacker can modify configurations to perform remote code execution, gain root rights or perform a DoS due to improper input validation.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
CVE-2024-24731 |
Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|