CVE-2025-21191
Description: Time-of-check time-of-use (TOCTOU) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.0) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)

CVE-2025-21174
Description: Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVSS: HIGH (7.5) EPSS Score: 1.59%
April 8th, 2025 (3 months ago)

CVE-2025-27083
Description: Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
CVSS: HIGH (7.2) EPSS Score: 0.19%
April 8th, 2025 (3 months ago)

CVE-2025-27082
Description: Arbitrary file write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.
CVSS: HIGH (7.2) EPSS Score: 0.06%
April 8th, 2025 (3 months ago)

CVE-2025-3289
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)

CVE-2025-3288
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)

CVE-2025-3287
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)

CVE-2025-3286
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)

CVE-2025-3285
Description: A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validation of user-supplied data. If exploited, a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability, a legitimate user must open a malicious DOE file.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)

CVE-2025-32018
Description: Cursor is a code editor built for programming with AI. In versions 0.45.0 through 0.48.6, the Cursor app introduced a regression affecting the set of file paths the Cursor Agent is permitted to modify automatically. Under specific conditions, the agent could be prompted, either directly by the user or via maliciously crafted context, to automatically write to files outside of the opened workspace. This behavior required deliberate prompting, making successful exploitation highly impractical in real-world scenarios. Furthermore, the edited file was still displayed in the UI as usual for user review, making it unlikely for the edit to go unnoticed by the user. This vulnerability is fixed in 0.48.7.
CVSS: HIGH (8.1) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)
