CyberAlerts provides a trusted catalog of vulnerabilities known to be exploited in the wild, drawing from many sources, including CISA KEV. Organizations can use this catalog to better prioritize and manage vulnerabilities in response to real-world threat activity.
Displaying vulnerabilities 1 - 10 of 115 in total
CVE-2025-48930 |
Description: The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the wild in May 2025.
CVSS: LOW (2.8) EPSS Score: 0.01%
May 28th, 2025 (1 day ago)
|
CVE-2025-48929 |
Description: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.0) EPSS Score: 0.05%
May 28th, 2025 (2 days ago)
|
CVE-2025-48928 |
Description: The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.0) EPSS Score: 0.01% SSVC Exploitation: none
May 28th, 2025 (2 days ago)
|
CVE-2025-48927 |
Description: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVSS: MEDIUM (5.3) EPSS Score: 0.03% SSVC Exploitation: none
May 28th, 2025 (2 days ago)
|
CVE-2025-48926 |
Description: The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 28th, 2025 (2 days ago)
|
CVE-2025-48925 |
Description: The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
May 28th, 2025 (2 days ago)
|
CVE-2025-37922 |
Description: In the Linux kernel, the following vulnerability has been resolved:
book3s64/radix : Align section vmemmap start address to PAGE_SIZE
A vmemmap altmap is a device-provided region used to provide
backing storage for struct pages. For each namespace, the altmap
should belong to that same namespace. If the namespaces are
created unaligned, there is a chance that the section vmemmap
start address could also be unaligned. If the section vmemmap
start address is unaligned, the altmap page allocated from the
current namespace might be used by the previous namespace also.
During the free operation, since the altmap is shared between two
namespaces, the previous namespace may detect that the page does
not belong to its altmap and incorrectly assume that the page is a
normal page. It then attempts to free the normal page, which leads
to a kernel crash.
Kernel attempted to read user page (18) - exploit attempt? (uid: 0)
BUG: Kernel NULL pointer dereference on read at 0x00000018
Faulting instruction address: 0xc000000000530c7c
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
CPU: 32 PID: 2104 Comm: ndctl Kdump: loaded Tainted: G W
NIP: c000000000530c7c LR: c000000000530e00 CTR: 0000000000007ffe
REGS: c000000015e57040 TRAP: 0300 Tainted: G W
MSR: 800000000280b033 CR: 84482404
CFAR: c000000000530dfc DAR: 0000000000000018 DSISR: 40000000 IRQMASK: 0
GPR00: c000000000530e00 c000000015e572e0 c000000002c5cb00 c00c00...
EPSS Score: 0.02%
May 20th, 2025 (10 days ago)
|
CVE-2024-11182 |
Description: An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window.
CVSS: MEDIUM (6.1) EPSS Score: 39.83% SSVC Exploitation: active
May 19th, 2025 (11 days ago)
|
CVE-2025-4428 |
Description: Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.
CVSS: HIGH (7.2) EPSS Score: 29.66%
May 19th, 2025 (11 days ago)
|
CVE-2025-27920 |
Description: Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
CVSS: CRITICAL (9.8) EPSS Score: 62.5%
May 19th, 2025 (11 days ago)
|