CVE-2024-48428 |
Description: An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function.
EPSS Score: 0.06%
January 10th, 2025 (6 months ago)
|
CVE-2024-48063 |
Description: In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
CVE-2024-47726 |
Description: In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to wait dio completion
It should wait for all existing dio write IOs before block removal,
otherwise, previous direct write IO may overwrite data in the
block which may be reused by another inode.
EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
CVE-2024-47220 |
Description: An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
CVE-2024-46505 |
Description: Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-46464 |
Description: In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-45346 |
Description: A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code.
CVSS: HIGH (8.8)
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-44985 |
Description: In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible UAF in ip6_xmit()
If skb_expand_head() returns NULL, skb has been freed
and the associated dst/idev could also have been freed.
We must use rcu_read_lock() to prevent a possible UAF.
EPSS Score: 0.04%
January 10th, 2025 (6 months ago)
|
CVE-2024-44083 |
Description: ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.
EPSS Score: 0.05%
January 10th, 2025 (6 months ago)
|
CVE-2024-43788 |
Description: Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS, which allows an XSS attack to happen through JavaScript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue.
CVSS: MEDIUM (6.4)
EPSS Score: 0.06%
January 10th, 2025 (6 months ago)
|