CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-35471 |
Description: conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
CVSS: HIGH (7.3) EPSS Score: 0.01%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2024-8404 |
Description: An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder.
Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server.
Update:
This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin.
Note:
This CVE has been split from CVE-2024-3037.
CVSS: HIGH (7.8) EPSS Score: 0.06% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-31259 |
Description: The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.5. An app may be able to gain elevated privileges.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31253 |
Description: This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.
CVSS: HIGH (7.1) EPSS Score: 0.03%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31249 |
Description: A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVSS: HIGH (7.1) EPSS Score: 0.03%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31247 |
Description: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An attacker may gain access to protected parts of the file system.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31246 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6. Connecting to a malicious AFP server may corrupt kernel memory.
CVSS: HIGH (8.8) EPSS Score: 0.04%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31244 |
Description: A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
CVSS: HIGH (8.8) EPSS Score: 0.02%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31240 |
Description: This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-31237 |
Description: This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 12th, 2025 (about 1 month ago)
|