CVE-2024-56440
Description: Permission control vulnerability in the Connectivity module
Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.
CVSS: MEDIUM (6.2) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-56439
Description: Access control vulnerability in the identity authentication module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS: HIGH (7.5) EPSS Score: 0.09%
January 9th, 2025

CVE-2024-56438
Description: Vulnerability of improper memory address protection in the HUKS module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: MEDIUM (6.0) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-56437
Description: Vulnerability of input parameters not being verified in the widget framework module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: MEDIUM (5.7) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-56436
Description: Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS: MEDIUM (5.5) EPSS Score: 0.09%
January 9th, 2025

CVE-2024-56435
Description: Cross-process screen stack vulnerability in the UIExtension module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS: MEDIUM (6.2) EPSS Score: 0.09%
January 9th, 2025

CVE-2024-56434
Description: UAF vulnerability in the device node access module
Impact: Successful exploitation of this vulnerability may cause service exceptions of the device.
CVSS: MEDIUM (4.4) EPSS Score: 0.05%
January 9th, 2025

CVE-2024-55656
Description: RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, a module used in Redis. The integer overflow allows an attacker (a Redis client that knows the password) to cause the heap allocation to be smaller than the required memory due to wraparound. Reads and writes can then be performed beyond this allocated memory, leading to an information leak and an out-of-bounds write. The integer overflow is in the CMS.INITBYDIM command, which initializes a Count-Min Sketch to dimensions specified by the user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 9th, 2025

CVE-2024-55556
Description: A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector relies on an attacker obtaining Laravel's secret APP_KEY, which would allow them to decrypt and manipulate session cookies (laravel_session) containing serialized data. By altering this data and re-encrypting it with the APP_KEY, the attacker could trigger arbitrary deserialization on the server, potentially leading to remote command execution (RCE). The vulnerability is primarily exploited by accessing an exposed cookie and manipulating it using the secret key to gain malicious access to the server.
EPSS Score: 0.05%
January 9th, 2025

CVE-2024-55517
Description: An issue was discovered in the Intellect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session.
EPSS Score: 0.04%
January 9th, 2025