Threat and Vulnerability Intelligence Database

CVE-2025-27364

Description: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.

CVSS: CRITICAL (10.0)

EPSS Score: 0.56%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-27364

Description: CVE-2025-27364: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: CRITICAL (10.0)

EPSS Score: 0.56%

Source: DarkWebInformer
February 24th, 2025 (4 months ago)

CVE-2025-27133

Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was discovered in the WeGIA application prior to version 3.2.15 at the `adicionar_tipo_exame.php` endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.2.15 contains a patch for the issue.

CVSS: CRITICAL (9.4)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2024-54820

Description: CVE-2024-54820: Vulnerability: Unauthenticated SQL Injection - Clear Credentials Dump

CVSS: CRITICAL (9.8)

EPSS Score: 0.3%

Source: DarkWebInformer
February 24th, 2025 (4 months ago)

CVE-2025-25279

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-25279
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost-plugin-boards/commit/025ce8d363a054473bc002f43f602a4032d38c06
https://github.com/mattermost/mattermost/commit/4ed702ccff4ec3c9eff832a9b6060f9f4454141d
https://github.com/advisories/GHSA-5fwx-p6xh-vjrh

CVSS: CRITICAL (9.9)

EPSS Score: 4.4%

Source: Github Advisory Database (Go)
February 24th, 2025 (4 months ago)

CVE-2025-20051

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-20051
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost-plugin-boards/commit/025ce8d363a054473bc002f43f602a4032d38c06
https://github.com/mattermost/mattermost/commit/4ed702ccff4ec3c9eff832a9b6060f9f4454141d
https://github.com/advisories/GHSA-v469-7wp6-7cvp

CVSS: CRITICAL (9.9)

EPSS Score: 0.08%

Source: Github Advisory Database (Go)
February 24th, 2025 (4 months ago)

CVE-2024-54820

Description: XOne Web Monitor v02.10.2024.530 framework 1.0.4.9 was discovered to contain a SQL injection vulnerability in the login page. This vulnerability allows attackers to extract all usernames and passwords via a crafted input.

CVSS: CRITICAL (9.8)

EPSS Score: 0.3%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-20051

Description: CVE-2025-20051/24490/25279: Mattermost Boards Arbitrary File Read Vulnerability in Multiple Versions

CVSS: CRITICAL (9.9)

EPSS Score: 0.08%

Source: DarkWebInformer
February 24th, 2025 (4 months ago)

CVE-2017-3066

Description: Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

CVSS: CRITICAL (9.8)

Source: CISA KEV
February 24th, 2025 (4 months ago)

CVE-2025-25279

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards.

CVSS: CRITICAL (9.9)

EPSS Score: 4.4%

Source: CVE
February 24th, 2025 (4 months ago)