CVE-2025-4639 |
Description: CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.
CVSS: HIGH (8.8) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-2900 |
Description: IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-0131 |
Description: An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.
CVSS: HIGH (7.1) EPSS Score: 0.01%
May 14th, 2025 (about 1 month ago)
|
CVE-2024-24981 |
Description: Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVSS: HIGH (7.5) EPSS Score: 0.03% SSVC Exploitation: none
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47710 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS: HIGH (7.4) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47707 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS: HIGH (7.5) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47701 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Drupal Restrict route by IP allows Cross Site Request Forgery. This issue affects Restrict route by IP: from 0.0.0 before 1.3.0.
CVSS: HIGH (8.8) EPSS Score: 0.02%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-4637 |
Description: Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. This issue affects dlib: before <19.24.7.
CVSS: HIGH (8.7) EPSS Score: 0.19%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-30663 |
Description: Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS: HIGH (8.8) EPSS Score: 0.01%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-0130 |
Description: A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets that causes the firewall to become unresponsive and eventually reboot. Repeated successful attempts to trigger this condition will cause the firewall to enter maintenance mode.
This issue does not affect Cloud NGFW or Prisma Access.
CVSS: HIGH (8.2) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
|