Threat and Vulnerability Intelligence Database

CVE-2025-4555

Description: The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions. These functions include opening gates, viewing license plates and parking records, and restarting the system.

CVSS: CRITICAL (9.8)

EPSS Score: 0.18%

Source: CVE
May 12th, 2025 (27 days ago)

Description: CVE-2025-31324 impacts SAP NetWeaver's Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. The post Threat Brief: CVE-2025-31324 appeared first on Unit 42.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Palo Alto Unit42
May 9th, 2025 (29 days ago)

CVE-2024-23816

Description: A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.

CVSS: CRITICAL (9.8)

EPSS Score: 0.73%

SSVC Exploitation: none

Source: CVE
May 9th, 2025 (29 days ago)

CVE-2024-1374

Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com.

CVSS: CRITICAL (9.1)

EPSS Score: 2.08%

SSVC Exploitation: none

Source: CVE
May 9th, 2025 (29 days ago)

CVE-2024-1372

Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com.

CVSS: CRITICAL (9.1)

EPSS Score: 0.36%

SSVC Exploitation: none

Source: CVE
May 9th, 2025 (29 days ago)

CVE-2024-1359

Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com.

CVSS: CRITICAL (9.1)

EPSS Score: 0.43%

SSVC Exploitation: none

Source: CVE
May 9th, 2025 (29 days ago)

CVE-2025-46188

Description: SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
May 9th, 2025 (30 days ago)

CVE-2024-12442

Description: EnerSys AMPA versions 24.04 through 24.16, inclusive, are vulnerable to command injection leading to privileged remote shell access.

CVSS: CRITICAL (9.8)

EPSS Score: 0.4%

Source: CVE
May 9th, 2025 (30 days ago)

CVE-2024-11861

Description: EnerSys AMPA 22.09 and prior versions are vulnerable to command injection leading to privileged remote shell access.

CVSS: CRITICAL (9.8)

EPSS Score: 0.4%

Source: CVE
May 9th, 2025 (30 days ago)

🚨 Marked as known exploited on May 9th, 2025 (30 days ago).

Description: In this special edition of the Cybersecurity Snapshot, we bring you some of the most valuable guidance offered by the U.K. National Cyber Security Centre (NCSC) in the past 18 months. Check out best practices, recommendations and insights on protecting your AI systems, APIs and mobile devices, as well as on how to prep for post-quantum cryptography, and more. In case you missed it, here are six NCSC recommendations to help your organization fine-tune its cybersecurity strategy and operations.

1 - How to migrate to quantum-resistant cryptography

Is your organization planning to adopt cryptography that can resist attacks from future quantum computers? If so, you might want to check out the NCSC's "Timelines for migration to post-quantum (PQC) cryptography," a white paper aimed at helping organizations plan their migration to quantum-resistant cryptography. "Migration to PQC can be viewed as any large technology transition. In the guidance, we describe the key steps in such a transition, and illustrate some of the cryptography and PQC-specific elements required at each stage of the programme," reads a companion blog. At a high level, the NCSC proposes these three key milestones:

By 2028
Define the organization's migration goals.
Assess which services and infrastructure need to have their cryptography upgraded to PQC.
Draft an initial migration plan that includes, for example, the highest priority migration steps; the necessary investment; and what you'll need from your suppliers.

By 2...

CVSS: CRITICAL (9.0)

Source: Tenable Blog
May 9th, 2025 (30 days ago)