CVE-2025-4098 |
Description: Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.
CVSS: HIGH (8.4) EPSS Score: 0.02%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-1948 |
Description: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE.
The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 8th, 2025 (about 1 month ago)
|
CVE-2024-13009 |
Description: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.
CVSS: HIGH (7.2) EPSS Score: 0.04%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-45843 |
Description: TOTOLINK NR1800X V9.1.0u.6681_B20230703 was discovered to contain an authenticated stack overflow via the ssid parameter in the setWiFiGuestCfg function.
CVSS: HIGH (8.8) EPSS Score: 0.08%
May 8th, 2025 (about 1 month ago)
|
CVE-2025-26842 |
Description: An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 8th, 2025 (about 1 month ago)
|
CVE-2024-24697 |
Description: Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS: HIGH (7.2) EPSS Score: 0.04% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|
CVE-2024-1354 |
Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS: HIGH (8.0) EPSS Score: 0.26% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|
CVE-2024-0568 |
Description: CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.
CVSS: HIGH (8.8) EPSS Score: 0.16% SSVC Exploitation: none
May 8th, 2025 (about 1 month ago)
|
CVE-2025-27578 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Pixmeo
Equipment: OsiriX MD
Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition or to steal credentials.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Pixmeo products are affected:
OsiriX MD: Versions 14.0.1 (Build 2024-02-28) and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 USE AFTER FREE CWE-416
The affected product is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
CVE-2025-27578 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2025-27578. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).
3.2.2 USE AFTER FREE CWE-416
The affected product is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
CVE-2025-31946 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.2 has been calculated; the CVSS vector...
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 8th, 2025 (about 1 month ago)
|
Description: Summary
Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with extremely large numbers of parameters.
Details
The vulnerability arises because Rack::QueryParser iterates over each &-separated key-value pair and adds it to a Hash without enforcing an upper bound on the total number of parameters. This allows an attacker to send a single request containing hundreds of thousands (or more) of parameters, which consumes excessive memory and CPU during parsing.
Impact
An attacker can trigger denial of service by sending specifically crafted HTTP requests, which can cause memory exhaustion or pin CPU resources, stalling or crashing the Rack server. This results in full service disruption until the affected worker is restarted.
Mitigation
Update to a version of Rack that limits the number of parameters parsed, or
Use middleware to enforce a maximum query string size or parameter count, or
Employ a reverse proxy (such as Nginx) to limit request sizes and reject oversized query strings or bodies.
Limiting request body sizes and query string lengths at the web server or CDN level is an effective mitigation.
References
https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
https://nvd.nist.gov/vuln/detail/CVE-2025-46727
https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712
https://github.com/rack...
CVSS: HIGH (7.5) EPSS Score: 1.1%
May 8th, 2025 (about 1 month ago)
|