Threat and Vulnerability Intelligence Database

CVE-2025-2229

Description: A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.

CVSS: HIGH (7.7)

EPSS Score: 0.01%

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2025-24053

Description: Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

CVSS: HIGH (7.2)

EPSS Score: 0.13%

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2025-2081

Description: Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and misleading victim clients.

CVSS: HIGH (8.7)

EPSS Score: 0.05%

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2024-37398

Description: Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2024-32504

Description: An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper length checking, which can result in an OOB (Out-of-Bounds) Write vulnerability.

CVSS: HIGH (8.4)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2024-21677

Description: This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. Data Center: Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was reported via our Bug Bounty program.

CVSS: HIGH (8.3)

EPSS Score: 0.81%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2024-21092

Description: Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

CVSS: HIGH (8.1)

EPSS Score: 0.64%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2024-20909

Description: Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS: HIGH (7.5)

EPSS Score: 0.22%

SSVC Exploitation: none

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2025-27138

Description: DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which may cause the risk of unauthorized access. The vulnerability has been fixed in v2.10.6. No known workarounds are available.

CVSS: HIGH (7.7)

EPSS Score: 0.09%

Source: CVE
March 13th, 2025 (4 months ago)

CVE-2025-27107

Description: Integrated Scripting is a tool for creating scripts for handling complex operations in Integrated Dynamics. Minecraft users who use Integrated Scripting prior to versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 may be vulnerable to arbitrary code execution. By using Java reflection on a thrown exception object it's possible to escape the JavaScript sandbox for IntegratedScripting's Variable Cards, and leverage that to construct arbitrary Java classes and invoke arbitrary Java methods. This vulnerability allows for execution of arbitrary Java methods, and by extension arbitrary native code e.g. from `java.lang.Runtime.exec`, on the Minecraft server by any player with the ability to create and use an IntegratedScripting Variable Card. Versions 1.21.1-1.0.17, 1.21.4-1.0.9-254, 1.20.1-1.0.13, and 1.19.2-1.0.10 fix the issue.

CVSS: HIGH (8.6)

EPSS Score: 0.08%

Source: CVE
March 13th, 2025 (4 months ago)