CVE-2025-25230 |
Description: Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges.
CVSS: HIGH (7.8) EPSS Score: 0.01%
April 16th, 2025 (2 months ago)
|
CVE-2024-27101 |
Description: SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
CVSS: HIGH (7.3) EPSS Score: 0.04% SSVC Exploitation: none
April 16th, 2025 (2 months ago)
|
CVE-2024-0692 |
Description: The SolarWinds Security Event Manager was susceptible to a Remote Code Execution vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
CVSS: HIGH (8.8) EPSS Score: 75.98% SSVC Exploitation: none
April 16th, 2025 (2 months ago)
|
CVE-2025-31200 |
🚨 Marked as known exploited on April 17th, 2025 (2 months ago).
Description: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CVSS: HIGH (7.5) EPSS Score: 0.22% SSVC Exploitation: none
April 16th, 2025 (2 months ago)
|
CVE-2024-43888 |
Description: In the Linux kernel, the following vulnerability has been resolved:
mm: list_lru: fix UAF for memory cgroup
The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or
cgroup_mutex or others which could prevent returned memcg from being
freed. Fix it by adding missing rcu read lock.
Found by code inspection.
[[email protected]: only grab rcu lock when necessary, per Vlastimil]
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
April 16th, 2025 (2 months ago)
|
CVE-2025-32872 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetOverview' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.
CVSS: HIGH (8.8) EPSS Score: 0.11%
April 16th, 2025 (2 months ago)
|
CVE-2025-32871 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.
CVSS: HIGH (8.8) EPSS Score: 0.11%
April 16th, 2025 (2 months ago)
|
CVE-2025-32870 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'GetTraces' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.
CVSS: HIGH (8.8) EPSS Score: 0.11%
April 16th, 2025 (2 months ago)
|
CVE-2025-32869 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.
CVSS: HIGH (8.8) EPSS Score: 0.06%
April 16th, 2025 (2 months ago)
|
CVE-2025-32868 |
Description: A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.2). The affected application is vulnerable to SQL injection through the internally used 'ExportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write to the application's database and execute code with "NT AUTHORITY\NetworkService" permissions. A successful attack requires the attacker to be able to access port 8000 on a system where a vulnerable version of the affected application is executed.
CVSS: HIGH (8.8) EPSS Score: 0.06%
April 16th, 2025 (2 months ago)
|