CVE-2025-25302 |
Description: Rembg is a tool to remove image backgrounds. In Rembg 2.0.57 and earlier, the CORS middleware is set up incorrectly. All origins are reflected, which allows any website to send cross-site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allow_credentials is set to True, which would allow any website to send authenticated cross-site requests.
CVSS: HIGH (8.7) EPSS Score: 0.01%
March 3rd, 2025 (4 months ago)
|
CVE-2025-0555 |
Description: A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions.
CVSS: HIGH (7.7) EPSS Score: 0.07%
March 3rd, 2025 (4 months ago)
|
CVE-2025-25185 |
Description: GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.
CVSS: HIGH (7.5) EPSS Score: 0.07% SSVC Exploitation: poc
March 3rd, 2025 (4 months ago)
|
CVE-2024-43169 |
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.
CVSS: HIGH (8.8) EPSS Score: 0.01%
March 3rd, 2025 (4 months ago)
|
CVE-2024-41771 |
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2024-41770 |
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2022-43939 |
Description: Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.
CVSS: HIGH (8.6)
March 3rd, 2025 (4 months ago)
|
CVE-2022-43769 |
Description: Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.
CVSS: HIGH (8.8)
March 3rd, 2025 (4 months ago)
|
CVE-2018-8639 |
Description: Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
CVSS: HIGH (7.8)
March 3rd, 2025 (4 months ago)
|
CVE-2025-27279 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flashfader allows Reflected XSS. This issue affects Flashfader: from n/a through 1.1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|