CVE-2025-27616
Description: Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo-level secrets to a separate repository. These secrets could be exfiltrated by follow-up builds to the repository. Users with an enabled repository with access to repo-level CI secrets in Vela are vulnerable to the exploit, and any user with access to the CI instance and the linked source control manager can perform the exploit. Versions 0.25.3 and 0.26.3 fix the issue. No known workarounds are available.
CVSS: HIGH (8.6) EPSS Score: 0.03%
March 10th, 2025

CVE-2025-27615
Description: umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall through its iptables-based rules for port forwarding.
CVSS: HIGH (8.2) EPSS Score: 0.07%
March 10th, 2025

CVE-2025-22603
Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contain a server-side request forgery (SSRF) vulnerability in the `Send Web Request` component (block). The root cause is that IPv6 addresses are not restricted or filtered, which allows attackers to perform a server-side request forgery to reach an IPv6 service. autogpt-platform-beta-v0.4.2 fixes the issue.
CVSS: HIGH (7.7) EPSS Score: 0.06%
March 10th, 2025

CVE-2024-43107
Description: Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.
This issue affects Gallagher MIPS Plugin v4.0 prior to v4.0.32, and all versions of v3.0 and prior.
CVSS: HIGH (7.2) EPSS Score: 0.03% SSVC Exploitation: none
March 10th, 2025

CVE-2024-41724
Description: Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.
CVSS: HIGH (8.7) EPSS Score: 0.02% SSVC Exploitation: none
March 10th, 2025

CVE-2025-26933
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 10th, 2025

CVE-2025-26910
Description: Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 10th, 2025

CVE-2024-12604
Description: Cleartext Storage of Sensitive Information in an Environment Variable and Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation and Functionality Misuse. This issue affects Tap&Sign App: before V.1.025.
CVSS: HIGH (7.3) EPSS Score: 0.02%
March 10th, 2025

CVE-2024-13919
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to improper encoding of route parameters in the debug-mode error page.
CVSS: HIGH (8.0) EPSS Score: 0.01%
March 10th, 2025

CVE-2024-13918
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to improper encoding of request parameters in the debug-mode error page.
CVSS: HIGH (8.0) EPSS Score: 0.01%
March 10th, 2025