Threat and Vulnerability Intelligence Database

Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

References:
https://github.com/cefsharp/CefSharp/security/advisories/GHSA-f87w-3j5w-v58p
https://nvd.nist.gov/vuln/detail/CVE-2025-2783
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
https://github.com/cefsharp/CefSharp/releases/tag/v134.3.90
https://issues.chromium.org/issues/405143032
https://github.com/advisories/GHSA-f87w-3j5w-v58p

CVSS: HIGH (8.3)

EPSS Score: 2.01%

Source: Github Advisory Database (Nuget)
April 12th, 2025 (3 months ago)

CVE-2025-29834

Description: Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
April 12th, 2025 (3 months ago)

CVE-2025-29803

Description: Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.

CVSS: HIGH (7.3)

EPSS Score: 0.06%

Source: CVE
April 12th, 2025 (3 months ago)

CVE-2024-0397

Description: A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5.

CVSS: HIGH (7.4)

EPSS Score: 0.39%

SSVC Exploitation: none

Source: CVE
April 11th, 2025 (3 months ago)

CVE-2025-32367

Description: The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
April 11th, 2025 (3 months ago)

CVE-2024-13861

Description: A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
April 11th, 2025 (3 months ago)

CVE-2024-52280

Description: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.

CVSS: HIGH (7.7)

EPSS Score: 0.02%

Source: CVE
April 11th, 2025 (3 months ago)

CVE-2025-23389

Description: An Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

CVSS: HIGH (8.4)

EPSS Score: 0.07%

Source: CVE
April 11th, 2025 (3 months ago)

CVE-2025-23388

Description: A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
April 11th, 2025 (3 months ago)

CVE-2025-31932

Description: A deserialization of untrusted data issue exists in all versions of BizRobo!. If this vulnerability is exploited, arbitrary code is executed on the Management Console. The vendor provides workaround information and recommends applying it to the deployment environment.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
April 11th, 2025 (3 months ago)