CVE-2024-53995
Description: SickChill is an automatic video library manager for TV shows. The user-controlled `next_` parameter of the `login` endpoint accepts arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to an open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter.
CVSS: LOW (1.9) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-53526
Description: composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function.
EPSS Score: 0.05%
January 9th, 2025

CVE-2024-53522
Description: Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information.
EPSS Score: 0.05%
January 9th, 2025

CVE-2024-52869
Description: Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when the operating system on Teradata Database systems is moved from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2, some service/system user accounts, and possibly systems-administrator-created user accounts, are incorrectly assigned to groups that grant higher system-level privileges than intended for those accounts. Depending on how these accounts are used, this may lead to full system compromise.
EPSS Score: 0.04%
January 9th, 2025

CVE-2024-51737
Description: RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated Redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to a heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. As a mitigation, avoid setting a value of -1 or large values for the configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, which limits the LIMIT arguments that can be exploited.
CVSS: HIGH (7.0) EPSS Score: 0.04%
January 9th, 2025

CVE-2024-51480
Description: RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. An authenticated user executing one of the commands TS.QUERYINDEX, TS.MGET, TS.MRANGE, or TS.MREVRANGE with specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
CVSS: HIGH (7.0) EPSS Score: 0.04%
January 9th, 2025

CVE-2024-51442
Description: Command Injection in MiniDLNA v1.3.3 and earlier allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file.
EPSS Score: 0.05%
January 9th, 2025

CVE-2024-49079
Description: Input Method Editor (IME) Remote Code Execution Vulnerability
CVSS: HIGH (7.8) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-49075
Description: Windows Remote Desktop Services Denial of Service Vulnerability
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-49071
Description: Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
January 9th, 2025