CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-22366

Description: The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-27120

Description: A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.

CVSS: HIGH (7.7)

EPSS Score: 0.29%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-21881

Description: Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-21880

Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue affects Envoy: 4.x <= 7.x.

CVSS: HIGH (8.6)

EPSS Score: 1.09%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-21879

Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a url parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.

CVSS: HIGH (8.7)

EPSS Score: 1.57%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-21878

Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.

CVSS: HIGH (7.1)

EPSS Score: 0.31%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-21877

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.

CVSS: HIGH (8.6)

EPSS Score: 0.15%

SSVC Exploitation: none

Source: CVE
March 11th, 2025 (4 months ago)

Description: Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with

CVSS: HIGH (8.8)

Source: TheHackerNews
March 11th, 2025 (4 months ago)

CVE-2025-27423

Description: Nessus Plugin ID 232572 with High Severity. Synopsis: The remote CBL Mariner host is missing one or more security updates. Description: The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27423 advisory. - Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the :read ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via specially crafted tar archives. Whether this really happens depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164 (CVE-2025-27423). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/232572

CVSS: HIGH (7.1)

EPSS Score: 0.06%

Source: Tenable Plugins
March 11th, 2025 (4 months ago)

CVE-2025-27493

Description: A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges.

CVSS: HIGH (8.2)

EPSS Score: 0.02%

Source: CVE
March 11th, 2025 (4 months ago)