CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-22460
Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
Description: Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-48766
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related...
🚨 Marked as known exploited on May 13th, 2025 (about 1 month ago).
Description: NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

CVSS: HIGH (8.6)

EPSS Score: 69.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-43011
Missing Authorization Check in SAP Landscape Transformation (PCL Basis)
Description: Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application.

CVSS: HIGH (7.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-43010
Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))
Description: SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

CVSS: HIGH (8.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-43000
Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)
Description: Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.

CVSS: HIGH (7.9)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-30018
Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the application's confidentiality, with no effect on integrity and availability of the application.

CVSS: HIGH (8.6)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2024-42446
TOCTOU in SmmWhea
Description: APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-4648
A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request.
Description: Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG media during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

CVSS: HIGH (8.4)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-4647
A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29.

CVSS: HIGH (8.4)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-4646
A high privilege user is able to create and use a valid admin API token in centreon-web
Description: Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

CVSS: HIGH (7.2)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)