Threat and Vulnerability Intelligence Database

CVE-2025-3579

Description: In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system (Unix) commands, interacting with internal services such as PHP or MySQL, and even invoking native functions of the framework used, such as Laravel or Symfony. This execution is achieved by Prompt Injection attacks through the /api//message endpoint, manipulating the content of the ‘content’ parameter.

CVSS: CRITICAL (9.3)

Source: CVE
April 15th, 2025 (about 3 hours ago)

CVE-2025-3578

Description: A malicious, authenticated user in Aidex, versions prior to 1.7, could list credentials of other users, create or modify existing users in the application, list credentials of users in production or development environments. In addition, it would be possible to cause bugs that would result in the exfiltration of sensitive information, such as details about the software or internal system paths. These actions could be carried out through the misuse of LLM Prompt (chatbot) technology, via the /api//message endpoint, by manipulating the contents of the ‘content’ parameter.

CVSS: CRITICAL (9.3)

Source: CVE
April 15th, 2025 (about 3 hours ago)
CVE-2025-30406

🚨 Marked as known exploited on April 15th, 2025 (about 7 hours ago).

Description: A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks.

CVSS: CRITICAL (9.8)

Source: TheHackerNews
April 15th, 2025 (about 7 hours ago)

CVE-2025-32428

Description: Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy was still accessible via the network. This vulnerability does not affect users having TurboVNC as the vncserver executable. This issue is fixed in 3.0.1.

CVSS: CRITICAL (9.0)

Source: CVE
April 15th, 2025 (about 12 hours ago)

CVE-2025-24797

Description: Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as the target device rebroadcasts packets on the default channel. This vulnerability is fixed in 2.6.2.

CVSS: CRITICAL (9.4)

Source: CVE
April 15th, 2025 (about 12 hours ago)
CVE-2025-32931

Description: DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-32931
https://github.com/lishihihi/voyager-issue-report
https://github.com/thedevdojo/voyager/blob/1.8/docs/core-concepts/compass.md
https://github.com/thedevdojo/voyager/blob/7e7e0f4f0e115d2d9e0481a86153a1ceff194c00/resources/views/compass/includes/commands.blade.php#L11-L16
https://github.com/advisories/GHSA-qq2h-m2hj-hrff

CVSS: CRITICAL (9.1)

Source: Github Advisory Database (Composer)
April 14th, 2025 (about 13 hours ago)

CVE-2025-1782

Description: In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated with a valid user account.

CVSS: CRITICAL (9.9)

Source: CVE
April 14th, 2025 (about 17 hours ago)

CVE-2025-32931

Description: DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command.

CVSS: CRITICAL (9.1)

Source: CVE
April 14th, 2025 (about 20 hours ago)

CVE-2025-22371

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the SicommNet BASEC (SaaS Service) login page allows an unauthenticated remote attacker to bypass authentication and execute arbitrary SQL commands. This issue affects BASEC at least from 14 Dec 2021 onwards; it is very likely that the vulnerability was present in the solution before that date. As of the date of this CVE record, there has been no patch.

CVSS: CRITICAL (9.3)

SSVC Exploitation: none

Source: CVE
April 14th, 2025 (about 20 hours ago)

CVE-2025-0129

Description: Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser

CVSS: CRITICAL (9.4)

EPSS Score: 0.04%

Source: CVE
April 11th, 2025 (4 days ago)