
Threat and Vulnerability Intelligence Database

CVE-2025-22224

🚨 Marked as known exploited on April 10th, 2025 (2 months ago).
Description: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]

CVSS: CRITICAL (9.3)

EPSS Score: 24.22%

Source: BleepingComputer
March 6th, 2025 (3 months ago)

CVE-2024-12144

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Finder Fire Safety Finder ERP/CRM (Old System) allows SQL Injection. This issue affects Finder ERP/CRM (Old System): before 18.12.2024.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 6th, 2025 (3 months ago)

CVE-2024-4577

Description: Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.

CVSS: CRITICAL (9.8)

EPSS Score: 95.38%

Source: Cisco Talos Blog
March 6th, 2025 (3 months ago)

CVE-2025-24032

Description: Nessus Plugin ID 230636 with Critical Severity. Synopsis: The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description: The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user's public data (e.g. the user's certificate) and a PIN known to the attacker. If no signature with the private key is required, then the attacker may now login as user with that created token. The default to *not* check the private key's signature has been changed with commit commi6638576892b59a99389043c90a1e7dd4d783b921, so that all versions starting with pam_pkcs11-0.6.0 should be affected. As a workaround, in `pam_pkcs11.conf`, set at least `cert_policy = signature;`. (CVE-2025-24032) Note that Nessus relies on the presence of the package as reported by the vendor. Solution: There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230636

CVSS: CRITICAL (9.2)

EPSS Score: 0.05%

Source: Tenable Plugins
March 6th, 2025 (3 months ago)

CVE-2024-57823

Description: Nessus Plugin ID 230725 with Critical Severity. Synopsis: The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched. Description: The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). (CVE-2024-57823) Note that Nessus relies on the presence of the package as reported by the vendor. Solution: There is no known solution at this time. Read more at https://www.tenable.com/plugins/nessus/230725

CVSS: CRITICAL (9.3)

Source: Tenable Plugins
March 6th, 2025 (3 months ago)

CVE-2025-27517

Description: Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0.

CVSS: CRITICAL (9.3)

EPSS Score: 0.19%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (3 months ago)

CVE-2025-25015

Description: CVE-2025-25015: Kibana arbitrary code execution via prototype pollution

CVSS: CRITICAL (9.9)

EPSS Score: 0.21%

Source: DarkWebInformer
March 5th, 2025 (3 months ago)

CVE-2025-23410

Description: When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types.

CVSS: CRITICAL (9.3)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (3 months ago)

CVE-2025-24924

Description: Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username.

CVSS: CRITICAL (9.3)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (3 months ago)

CVE-2024-13147

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Merkur Software B2B Login Panel allows SQL Injection. This issue affects B2B Login Panel: before 15.01.2025.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 5th, 2025 (3 months ago)