CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-53829

Description: CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions, including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to being limited to form-based CSRF. This issue affects CodeChecker: through 6.24.4.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-52973

Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51941

Description: A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An attacker with authenticated access can exploit this vulnerability to execute arbitrary commands on the server. The issue has been fixed in the latest versions of Ambari.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51919

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51888

Description: Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51818

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51417

Description: An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.

EPSS Score: 0.05%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-50633

Description: A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).

CVSS: NONE (0.0)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49748

Description: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49747

Description: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)