CVE-2025-2263 |
Description: During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.
CVSS: CRITICAL (9.8) EPSS Score: 0.23%
March 13th, 2025 (3 months ago)
|
CVE-2025-2080 |
Description: Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain control over utilities within the products.
CVSS: CRITICAL (9.3) EPSS Score: 0.06%
March 13th, 2025 (3 months ago)
|
CVE-2024-37080 |
Description: vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 5.2% SSVC Exploitation: poc
March 13th, 2025 (3 months ago)
|
CVE-2024-31473 |
Description: There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's Access Point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVSS: CRITICAL (9.8) EPSS Score: 1.33% SSVC Exploitation: none
March 13th, 2025 (3 months ago)
|
CVE-2024-20997 |
Description: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS: CRITICAL (9.9) EPSS Score: 1.02% SSVC Exploitation: none
March 13th, 2025 (3 months ago)
|
CVE-2024-24996 |
Description: A heap overflow vulnerability in the WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
CVSS: CRITICAL (9.8) EPSS Score: 8.89% SSVC Exploitation: none
March 13th, 2025 (3 months ago)
|
CVE-2025-27407 |
Description: graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use GraphQL::Client to load external schemas via GraphQL introspection. Versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21 contain a patch for the issue.
CVSS: CRITICAL (9.1) EPSS Score: 4.32% SSVC Exploitation: none
March 12th, 2025 (3 months ago)
|
CVE-2024-30620 |
Description: Tenda AX1803 v1.0.0.1 contains a stack overflow via the serviceName parameter in the function fromAdvSetMacMtuWan.
CVSS: CRITICAL (9.8) EPSS Score: 0.33% SSVC Exploitation: poc
March 12th, 2025 (3 months ago)
|
CVE-2025-1960 |
Description: CWE-1188: Initialization of a Resource with an Insecure Default vulnerability exists that could cause an attacker to execute unauthorized commands when a system’s default password credentials have not been changed on first use. The default username is not displayed correctly in the WebHMI interface.
CVSS: CRITICAL (9.2) EPSS Score: 0.06%
March 12th, 2025 (3 months ago)
|
Description: CVE-2024-13871, CVE-2024-13872: Unauthenticated Command Injection in Bitdefender BOX v1 and Insecure Update Mechanism Vulnerability in libboxhermes.so in Bitdefender BOX v1
CVSS: CRITICAL (9.4) EPSS Score: 0.26%
March 12th, 2025 (3 months ago)
|