CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20936 |
Description: Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 8th, 2025 (3 months ago)
|
|
CVE-2024-23847 |
Description: Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2526 |
Description: The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
CVSS: HIGH (8.8) EPSS Score: 0.16%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-2525 |
Description: The Streamit theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'st_Authentication_Controller::edit_profile' function in all versions up to, and including, 4.0.1. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.42%
April 8th, 2025 (3 months ago)
|
|
CVE-2025-32409 |
Description: Ratta SuperNote A6 X2 Nomad before December 2024 allows remote code execution because an arbitrary firmware image (signed with debug keys) can be sent to TCP port 60002, and placed into the correct image-update location as a consequence of both directory traversal and unintended handling of concurrency.
CVSS: HIGH (8.1) EPSS Score: 1.33%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-32034 |
Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, a vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in apollo-router versions 1.61.2 and 2.1.1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-32033 |
Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's height). If a counter exceeded the maximum value for this data type (4,294,967,295), it wrapped around to 0, unintentionally allowing queries to bypass configured thresholds. This could occur for large queries if the payload limit were sufficiently increased, but could also occur for small queries with deeply nested and reused named fragments. This has been remediated in apollo-router versions 1.61.2 and 2.1.1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-32032 |
Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. The query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. However, queries with deeply nested and reused named fragments can generate many selections where this optimization does not apply, leading to significantly longer planning times. Because the query planner does not enforce a timeout, a small number of such queries can exhaust router's thread pool, rendering it inoperable. This could lead to excessive resource consumption and denial of service. This has been remediated in apollo-router versions 1.61.2 and 2.1.1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-32031 |
Description: Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal optimizations being frequently bypassed. The query planner includes an optimization that significantly speeds up planning for applicable GraphQL selections. However, queries with deeply nested and reused named fragments can generate many selections where this optimization does not apply, leading to significantly longer planning times. Because the query planner does not enforce a timeout, a small number of such queries can render gateway inoperable. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 7th, 2025 (3 months ago)
|
|
CVE-2025-32030 |
Description: Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragment expansion. Named fragments were being expanded once per fragment spread during query planning, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service. This has been remediated in @apollo/gateway version 2.10.1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 7th, 2025 (3 months ago)
|