CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-34130

🚨 Marked as known exploited on July 16th, 2025 (1 day ago).
Description: An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read sensitive configuration files, such as /zconf/service.xml, which can then be used to facilitate further attacks including command injection. The vulnerability has been exploited in the wild in conjunction with other issues by botnets like FBot and Moobot.

CVSS: HIGH (8.7)

EPSS Score: 0.66%

Source: CVE
July 16th, 2025 (1 day ago)

CVE-2025-34129

🚨 Marked as known exploited on July 16th, 2025 (1 day ago).
Description: A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

CVSS: HIGH (8.7)

EPSS Score: 0.32%

Source: CVE
July 16th, 2025 (1 day ago)

🚨 Marked as known exploited on July 16th, 2025 (2 days ago).
Description: Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild. The vulnerability, tracked as CVE-2025-6965 (CVSS score: 7.2), is a memory corruption flaw affecting all versions prior to 3.50.2. It was discovered by Big Sleep, an

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: TheHackerNews
July 16th, 2025 (2 days ago)

CVE-2025-6965

🚨 Marked as known exploited on July 16th, 2025 (2 days ago).
Description: There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
July 15th, 2025 (3 days ago)

🚨 Marked as known exploited on June 27th, 2025 (21 days ago).
Description: Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background: Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and warnings from U.S. government agencies, including the Department of Homeland Security (DHS), about potential retaliatory attacks from cyber actors affiliated with the Iranian government as well as hacktivists. This FAQ provides a focused analysis of Iranian state-sponsored cyber threats, detailing the types of threats used by Advanced Persistent Threat (APT) groups, tactics, techniques and procedures (TTPs) mapped to the MITRE ATT&CK framework and the specific vulnerabilities they consistently exploit. We also provide guidance about Tenable product coverage you can use to reduce your cyber exposure to these threats. FAQ: Has there been an increase in threat activity related to Iran-based threat actors? While there have been ample warnings from U.S. government agencies about retaliatory attacks, we’re also seeing a slight increase in reported activity by threat actors. Reports have cited that threat actors have begun targeting U.S. finance, defense, and energy sectors. While this activity has been limited to distributed-denial-of-service (DDoS) attacks, there have also been recent re...

CVSS: HIGH (7.8)

Source: Tenable Blog
June 27th, 2025 (21 days ago)

🚨 Marked as known exploited on June 18th, 2025 (30 days ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible

CVSS: HIGH (7.8)

Source: TheHackerNews
June 18th, 2025 (30 days ago)

🚨 Marked as known exploited on June 17th, 2025 (about 1 month ago).
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when

CVSS: HIGH (8.8)

Source: TheHackerNews
June 17th, 2025 (about 1 month ago)

CVE-2021-41617

🚨 Marked as known exploited on June 12th, 2025 (about 1 month ago).
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). 1. EXECUTIVE SUMMARY: CVSS v4 8.7. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Siemens. Equipment: SIMATIC S7-1500 CPU family. Vulnerabilities: Missing Encryption of Sensitive Data, Out-of-bounds Read, Use After Free, Stack-based Buffer Overflow, Incorrect Provision of Specified Functionality, Out-of-bounds Write, Incorrect Calculation of Buffer Size, Heap-based Buffer Overflow, External Control of File Name or Path, Uncontrolled Resource Consumption, Improper Input Validation, Truncation of Security-relevant Information, Missing Critical Step in Authentication, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Access of Resource Using Incompatible Type ('Type Confusion'), Signal Handler Race Condition, Inefficient Algorithmic Complexity, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), NULL Pointer Dereference, Reachable Assertion, Return of Pointer Value Outside of Expected Range, Improper Handling of Length Parameter Inconsistency, Integer Overflow or Wraparound, Improper Locking, Improper Validation of Array Index, Buffer Underwrite ('Buffer Underflow...

CVSS: HIGH (7.0)

Source: All CISA Advisories
June 12th, 2025 (about 1 month ago)

CVE-2025-33053

🚨 Marked as known exploited on June 10th, 2025 (about 1 month ago).
Description: External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (8.8)

EPSS Score: 41.76%

SSVC Exploitation: active

Source: CVE
June 10th, 2025 (about 1 month ago)

CVE-2024-38813

🚨 Marked as known exploited on June 10th, 2025 (about 1 month ago).
Description: The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

CVSS: HIGH (7.5)

EPSS Score: 14.58%

SSVC Exploitation: active

Source: CVE
June 10th, 2025 (about 1 month ago)