Threat and Vulnerability Intelligence Database

CVE-2024-57698

Description: An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-46349

Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.

CVSS: HIGH (7.6)

EPSS Score: 0.05%

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-23181

Description: CWE-250: Execution with Unnecessary Privileges

CVSS: HIGH (8.0)

EPSS Score: 0.03%

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-23180

Description: CWE-250: Execution with Unnecessary Privileges

CVSS: HIGH (8.0)

EPSS Score: 0.03%

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-23178

Description: CWE-923: Improper Restriction of Communication Channel to Intended Endpoints

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-23177

Description: CWE-427: Uncontrolled Search Path Element

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-22882

Description:

1. EXECUTIVE SUMMARY

CVSS v4 8.4
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: ISPSoft
Vulnerabilities: Stack-based Buffer Overflow, Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of ISPSoft are affected:

ISPSoft: Versions 3.19 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121

Delta Electronics ISPSoft Versions 3.19 and prior are vulnerable to a stack-based buffer overflow vulnerability that could allow an attacker to leverage debugging logic to execute arbitrary code when parsing CBDGL files. CVE-2025-22882 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-22882. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.2.2 OUT-OF-BOUNDS WRITE CWE-787

Delta Electronics ISPSoft Versions 3.19 and prior are vulnerable to an out-of-bounds write vulnerability that could allow an attacker to execute arbitrary code when parsing DVP files. CVE-2025-22883 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also b...

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: All CISA Advisories
April 29th, 2025 (about 2 months ago)

CVE-2025-3618

Description:

1. EXECUTIVE SUMMARY

CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Rockwell Automation
Equipment: ThinManager
Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect Default Permissions

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to escalate privileges and cause a denial-of-service condition.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of ThinManager, a software management platform, are affected:

ThinManager: Version 14.0.0 and prior

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119

A denial-of-service vulnerability exists in Rockwell Automation ThinManager. The software fails to adequately verify the outcome of memory allocation while processing Type 18 messages. If exploited, a threat actor could cause a denial of service on the target software. CVE-2025-3618 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). A CVSS v4 score has also been calculated for CVE-2025-3618. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).

3.2.2 INCORRECT DEFAULT PERMISSIONS CWE-276

A privilege escalation vulnerability exists in Rockwell Automation ThinManager. When the software star...

CVSS: HIGH (8.5)

EPSS Score: 0.02%

Source: All CISA Advisories
April 29th, 2025 (about 2 months ago)

CVE-2025-24206

Description: An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.

CVSS: HIGH (7.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 29th, 2025 (about 2 months ago)

CVE-2025-30194

Description: When DNSdist is configured to provide DoH via the nghttp2 provider, an attacker can cause a denial of service by crafting a DoH exchange that triggers an illegal memory access (double-free) and crash of DNSdist, causing a denial of service. The remedy is: upgrade to the patched 1.9.9 version. A workaround is to temporarily switch to the h2o provider until DNSdist has been upgraded to a fixed version. We would like to thank Charles Howes for bringing this issue to our attention.

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: CVE
April 29th, 2025 (about 2 months ago)