CVE-2025-31496 |
Description: apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in some cases during query validation, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service in applications. This vulnerability is fixed in 1.27.0.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 7th, 2025 (3 months ago)
|
CVE-2025-29769 |
Description: libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possible with a well-crafted TIFF image. If a "multiband" TIFF input image had 4 channels and HEIF-based output was requested, this led to libvips creating a 3 channel HEIF image without an alpha channel but then attempting to write 4 channels of data. This caused a heap buffer overflow, which could crash the process. This vulnerability is fixed in 8.16.1.
CVSS: HIGH (8.5) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-3426 |
Description: We observed that IntelliSpace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities.
Utilizing this flaw, the attacker was able to identify the hardcoded credentials from PortalUsersDatabase.dll, which contains .NET remoting definition. Inside the namespace PortalUsersDatabase, the class Users contains the functions CreateAdmin and CreateService that are used to initialize accounts in the Portal service. Both CreateAdmin and CreateService functions contain a hardcoded encrypted password along with its respective salt that are set with the function SetInitialPasswordAndSalt.
This issue affects IntelliSpace Portal: 12 and prior; Advanced Visualization Workspace: 15.
CVSS: HIGH (7.2) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-3425 |
Description: The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior.
CVSS: HIGH (7.3) EPSS Score: 0.35% SSVC Exploitation: none
April 7th, 2025 (3 months ago)
|
CVE-2025-3424 |
Description: The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files.
This issue affects IntelliSpace Portal: 12 and prior.
CVSS: HIGH (7.7) EPSS Score: 0.06%
April 7th, 2025 (3 months ago)
|
CVE-2025-30195 |
Description: An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to illegal memory accesses and a crash of the Recursor, causing a denial of service.
The remedy is: upgrade to the patched 5.2.1 version.
We would like to thank Volodymyr Ilyin for bringing this issue to our attention.
CVSS: HIGH (7.5) EPSS Score: 0.01%
April 7th, 2025 (3 months ago)
|
CVE-2025-21448 |
Description: Transient DOS may occur while parsing SSID in action frames.
CVSS: HIGH (7.5) EPSS Score: 0.07%
April 7th, 2025 (3 months ago)
|
CVE-2025-21447 |
Description: Memory corruption may occur while processing device IO control call for session control.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-21443 |
Description: Memory corruption while processing message content in eAVB.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|
CVE-2025-21442 |
Description: Memory corruption while transmitting packet mapping information with invalid header payload size.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 7th, 2025 (3 months ago)
|