CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-51888

Description: Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51818

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-51417

Description: An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on reflection types and static properties/fields.

EPSS Score: 0.05%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-50633

Description: A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer).

CVSS: NONE (0.0)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49748

Description: In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49747

Description: In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49745

Description: In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49744

Description: In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49738

Description: In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)

CVE-2024-49737

Description: In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (6 months ago)