Threat and Vulnerability Intelligence Database

CVE-2025-30453

Description: The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-30442

Description: The issue was addressed with improved input sanitization. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain elevated privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-24274

Description: An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-24258

Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-1079

Description: Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature

CVSS: HIGH (7.8)

EPSS Score: 0.01%

SSVC Exploitation: poc

Source: CVE
May 12th, 2025 (about 1 month ago)

Description: A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1752
https://github.com/run-llama/llama_index/commit/3c65db2947271de3bd1927dc66a044da385de4da
https://huntr.com/bounties/cd7b9082-7d75-42e4-84f5-dbee23cbc467
https://github.com/advisories/GHSA-7c85-87cp-mr6g

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: Github Advisory Database (PIP)
May 12th, 2025 (about 1 month ago)

CVE-2024-0297

Description: A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (7.3)

EPSS Score: 2.79%

SSVC Exploitation: poc

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2024-4981

Description: A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally incorporate and make visible content from outside the git repo.

CVSS: HIGH (7.6)

EPSS Score: 0.03%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46740

Description: An authenticated user without user administrative permissions could change the administrator Account Name.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46739

Description: An unauthenticated user could discover account credentials via a brute-force attack without rate limiting.

CVSS: HIGH (8.1)

EPSS Score: 0.07%

Source: CVE
May 12th, 2025 (about 1 month ago)