CVE-2025-45608
Description: Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 5th, 2025 (about 2 months ago)
CVE-2025-46723
Description: The fix to https://cantina.xyz/code/c486d600-bed0-4fc6-aed1-de759fd29fa2/findings/21 has a typo that still results in the highest limb of pc being range checked to 8-bits instead of 6-bits.
In the AIR, we do (https://github.com/openvm-org/openvm/blob/0f94c8a3dfa7536c1231465d1bdee5fc607a5993/extensions/rv32im/circuit/src/auipc/core.rs#L135):

```rust
for (i, limb) in pc_limbs.iter().skip(1).enumerate() {
    if i == pc_limbs.len() - 1 {
```

It should be

```rust
for (i, limb) in pc_limbs.iter().enumerate().skip(1) {
```

Right now the `if` statement is never triggered because the enumeration gives i = 0, 1, 2 when we instead want i = 1, 2, 3. What this means is that `pc_limbs[3]` is range checked to 8 bits instead of 6 bits.
This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field.
References
https://github.com/openvm-org/openvm/security/advisories/GHSA-jf2r-x3j4-23m7
https://nvd.nist.gov/vuln/detail/CVE-2025-46723
https://github.com/openvm-org/openvm/commit/68da4b50c033da5603517064aa0a08e1bbf70a01
https://cantina.xyz/code/c486d600-bed0-4fc6-aed1-de759fd29fa2/findings/21
https://github.com/openvm-org/openvm/blob/0f94c8a3dfa7536c1231465d1bdee5fc607a5993/extensions/rv32im/circuit/src/auipc/core.rs#L135
https://github.com/openvm-org/openvm/releases/tag/v1.1.0
https://github.com/advi...
CVSS: HIGH (7.8) EPSS Score: 0.06%
May 5th, 2025 (about 2 months ago)
CVE-2025-46340
Description: Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in `UrlPreviewService` and `MkUrlPreview`, it is possible for an attacker to inject arbitrary CSS into the `MkUrlPreview` component. `UrlPreviewService.wrap` falls back to returning the original URL if it uses a protocol that is likely not to be understood by Misskey, i.e. something other than `http` or `https`. This can both de-anonymize users and allow further attacks in the client. Additionally, `MkUrlPreview` doesn't escape CSS when applying a `background-image` property, allowing an attacker to craft a URL that applies arbitrary styles to the preview element. Theoretically, an attacker can craft a CSS injection payload to create a fake error message that can deceive the user into giving away their credentials or similar sensitive information. Version 2025.4.1 contains a patch for the issue.
CVSS: HIGH (7.2) EPSS Score: 0.06% SSVC Exploitation: poc
May 5th, 2025 (about 2 months ago)
CVE-2025-46335
Description: Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions up to and including 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. Version 4.3.3 fixes the issue.
CVSS: HIGH (8.6) EPSS Score: 0.03% SSVC Exploitation: poc
May 5th, 2025 (about 2 months ago)
CVE-2025-43852
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function in vr.py. In uvr, if model_name contains the string "DeEcho", a new instance of the AudioPreDeEcho class is created with the model_path attribute containing the aforementioned user input. In the AudioPreDeEcho class, the user input is used to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)
CVE-2025-43851
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function in vr.py. In uvr, a new instance of the AudioPre class is created with the model_path attribute containing the aforementioned user input. In the AudioPre class, the user input is used to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)
CVE-2025-43850
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_dir variable takes user input (e.g. a path to a model) and passes it to the change_info function in export.py, which uses it to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.41% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)
CVE-2025-43849
Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The ckpt_a and cpkt_b variables take user input (e.g. a path to a model) and pass it to the merge function in process_ckpt.py, which uses them to load the models on those paths with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.
CVSS: HIGH (8.9) EPSS Score: 0.42% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)
CVE-2025-4283
Description: A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Login.php?f=login. The manipulation of the argument Username leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 5th, 2025 (about 2 months ago)
CVE-2025-4279
Description: The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.16% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)