Threat and Vulnerability Intelligence Database

CVE-2024-23135

Description: A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk applications can be used to trigger a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.1%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-23133

Description: A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-23132

Description: A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk applications can lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-23126

Description: A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.07%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-23125

Description: A maliciously crafted SLDPRT file when parsed in ODXSW_DLL.dll through Autodesk applications can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.09%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-22316

Description: IBM Sterling File Gateway 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.1 could allow an authenticated user to perform unauthorized actions to another user's data due to improper access controls.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-22029

Description: Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-21546

Description: Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code.

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-1394

Description: A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.

EPSS Score: 0.07%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2024-13721

Description: The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)