CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-55971
SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run...
Description: SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-55195
An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to...
Description: An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-55194
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.
Description: OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

EPSS Score: 0.14%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-55192
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
Description: OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).

EPSS Score: 0.11%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-53379
Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit...
Description: Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message.

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-53299
Apache Wicket: An attacker can intentionally trigger a memory leak
Description: The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-53124
net: fix data-races around sk->sk_forward_alloc
Description: In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? ...

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-52975
Fleet Server sensitive information exposure via logs
Description: An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-52972
Kibana allocation of resources without limits or throttling leads to crash
Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)

CVE-2024-52331
ECOVACS lawnmowers and vacuums deterministic firmware encryption key
Description: ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (6 months ago)