CVE-2025-32463 |
Description: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS: CRITICAL (9.3)
June 30th, 2025 (about 3 hours ago)
|
CVE-2025-20281 / CVE-2025-20282 |
Description: CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC
CVSS: CRITICAL (9.8)
June 30th, 2025 (about 5 hours ago)
|
CVE-2025-6543 |
Description: Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
CVSS: CRITICAL (9.2)
June 30th, 2025 (about 8 hours ago)
|
CVE-2025-24290 |
Description: Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.
CVSS: CRITICAL (9.9)
June 29th, 2025 (1 day ago)
|
CVE-2025-53391 |
Description: The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.
CVSS: CRITICAL (9.3) EPSS Score: 0.01%
June 28th, 2025 (2 days ago)
|
CVE-2025-5304 |
Description: The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
June 28th, 2025 (3 days ago)
|
🚨 Marked as known exploited on June 27th, 2025 (3 days ago).
Description: Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777, known as CitrixBleed 2.

Background: Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding CVE-2025-5777 and CVE-2025-6543, two Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild.

FAQ

What vulnerabilities have been exploited? As of the publication of this blog on June 27, active exploitation has been reported for the following CVEs:

CVE | Description | CVSSv4 | Severity
CVE-2025-5777 | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability ("CitrixBleed 2") | 9.3 | Critical
CVE-2025-6543 | Citrix NetScaler ADC and Gateway Denial of Service (DoS) Vulnerability | 9.2 | Critical

What is CVE-2025-5777 (CitrixBleed 2)? CVE-2025-5777 is an out-of-bounds read vulnerability affecting Citrix NetScaler ADC and Gateway. Successful exploitation of this vulnerability would allow an attacker to read memory on an affected device, giving the attacker access to sensitive data including session tokens. These session tokens can be used to bypass multi-factor authentication (MFA) and allow the attacker to take over an authenticated session. Source: Kevin Beaumont

Why is CVE-2025-5777 being called CitrixBleed 2? The moniker CitrixBleed 2 was given to CVE-2025-5777 by security researcher Kevin Beaumont, who observed that this vulnerability is very simi...
CVSS: CRITICAL (9.3) EPSS Score: 0.06%
June 27th, 2025 (3 days ago)
|
CVE-2024-12143 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
CVSS: CRITICAL (9.8) EPSS Score: 0.03%
June 27th, 2025 (3 days ago)
|
CVE-2024-12364 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
CVSS: CRITICAL (9.8) EPSS Score: 0.03% SSVC Exploitation: none
June 27th, 2025 (3 days ago)
|
CVE-2024-12150 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
CVSS: CRITICAL (9.8) EPSS Score: 0.03%
June 27th, 2025 (3 days ago)
|