CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-41231 |
Description: VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
CVSS: HIGH (7.3) EPSS Score: 0.02%
May 20th, 2025 (27 days ago)
|
|
CVE-2025-41230 |
Description: VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 20th, 2025 (27 days ago)
|
|
CVE-2025-41229 |
Description: VMware Cloud Foundation contains a directory traversal vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to access certain internal services.
CVSS: HIGH (8.2) EPSS Score: 0.35%
May 20th, 2025 (27 days ago)
|
|
CVE-2025-30193 |
Description: In some circumstances, when DNSdist is configured to allow an unlimited number of queries on a single, incoming TCP connection from a client, an attacker can cause a denial of service by crafting a TCP exchange that triggers an exhaustion of the stack and a crash of DNSdist, causing a denial of service.
The remedy is: upgrade to the patched 1.9.10 version.
A workaround is to restrict the maximum number of queries on incoming TCP connections to a safe value, like 50, via the setMaxTCPQueriesPerConnection setting.
We would like to thank Renaud Allard for bringing this issue to our attention.
CVSS: HIGH (7.5) EPSS Score: 0.01%
May 20th, 2025 (27 days ago)
|
|
CVE-2025-2929 |
Description: The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS: HIGH (7.1) EPSS Score: 0.03%
May 20th, 2025 (27 days ago)
|
|
CVE-2025-4971 |
Description: Broadcom Automic
Automation Agent Unix versions <
24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution
rights on the agent executable to escalate their privileges.
CVSS: HIGH (8.5) EPSS Score: 0.29%
May 20th, 2025 (27 days ago)
|
|
Description: Impact
Multer <2.0.0 is vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal busboy stream is not closed, violating Node.js stream safety guidance.
This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted.
Patches
Users should upgrade to 2.0.0
Workarounds
None
References
https://github.com/expressjs/multer/pull/1120
https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
References
https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5
https://nvd.nist.gov/vuln/detail/CVE-2025-47935
https://github.com/expressjs/multer/pull/1120
https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
https://github.com/advisories/GHSA-44fp-w29j-9vj5
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 19th, 2025 (27 days ago)
|
|
|
Description: Impact
A vulnerability in Multer versions >=1.4.4-lts.1 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process.
Patches
Users should upgrade to 2.0.0
Workarounds
None
References
https://github.com/expressjs/multer/issues/1176
https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
References
https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h
https://nvd.nist.gov/vuln/detail/CVE-2025-47944
https://github.com/expressjs/multer/issues/1176
https://github.com/expressjs/multer/commit/2c8505f207d923dd8de13a9f93a4563e59933665
https://github.com/advisories/GHSA-4pg4-qvpc-4q3h
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 19th, 2025 (27 days ago)
|
|
CVE-2025-1308 |
Description: A vulnerability exists in PX Backup whereby sensitive information may be logged under specific conditions.
CVSS: HIGH (8.4) EPSS Score: 0.02%
May 19th, 2025 (28 days ago)
|
|
|
Description: Impact
A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed.
This flaw allows signature verifications of inline (non-detached) signed messages (using openpgp.verify) and signed-and-encrypted messages (using openpgp.decrypt with verificationKeys) to be spoofed, since both functions return extracted data that may not match the data that was originally signed. Detached signature verifications are not affected, as no signed data is returned in that case.
In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js.
In other words. any inline-signed message can be modified to return any other data (while still indicating that the signature was valid), and the same is true for signed+encrypted messages if the attacker can obtain a valid signature and encrypt a new message (of the attacker's choice) together with that signature.
Both OpenPGP.js v6 and v5 are affected. OpenPGP.js v4 is not affected.
Patches
The issue has been patched in versions 5.11.3 and 6.1.1.
Workarounds
When verifying inline-signed messages, extract the message...
CVSS: HIGH (8.7) EPSS Score: 0.01%
May 19th, 2025 (28 days ago)
|