CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-46737 |
Description: SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources.
CVSS: HIGH (7.4) EPSS Score: 0.02%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-3632 |
Description: IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory allocation of an excessive size.
CVSS: HIGH (7.5) EPSS Score: 0.09%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-46610 |
Description: ARTEC EMA Mail 6.92 allows CSRF.
CVSS: HIGH (8.8) EPSS Score: 0.02%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2024-25301 |
Description: Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.
CVSS: HIGH (7.2) EPSS Score: 3.57% SSVC Exploitation: poc
May 12th, 2025 (about 1 month ago)
|
|
CVE-2024-25213 |
Description: Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.
CVSS: HIGH (7.2) EPSS Score: 0.08% SSVC Exploitation: poc
May 12th, 2025 (about 1 month ago)
|
|
CVE-2024-23805 |
Description:
Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled.
Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS: HIGH (7.5) EPSS Score: 0.31% SSVC Exploitation: none
May 12th, 2025 (about 1 month ago)
|
|
CVE-2024-0541 |
Description: A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In Tenda W9 1.0.0.7(4456) wurde eine kritische Schwachstelle ausgemacht. Das betrifft die Funktion formAddSysLogRule der Komponente httpd. Durch Beeinflussen des Arguments sysRulenEn mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.14% SSVC Exploitation: poc
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-4553 |
Description: A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Apartment Visitors Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin/bwdates-reports-details.php. Durch die Manipulation des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-45835 |
Description: A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 12th, 2025 (about 1 month ago)
|
|
CVE-2025-47270 |
Description: nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service (DoS) attack due to uncontrolled memory allocation. Specifically, the implementation of the `Discovery` network message handling allocates a buffer based on a length value provided by the peer, without enforcing an upper bound. Since this length is a `u32`, a peer can trigger allocations of up to 4 GB, potentially leading to memory exhaustion and node crashes. As Discovery messages are regularly exchanged for peer discovery, this vulnerability can be exploited repeatedly. The patch for this vulnerability is formally released as part of v1.1.0. The patch implements a limit to the discovery message size of 1 MB and also resizes the message buffer size incrementally as the data is read. No known workarounds are available.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 12th, 2025 (about 1 month ago)
|