
Threat and Vulnerability Intelligence Database

CVE-2024-4282

Description: Brocade SANnav OVA before SANnav 2.3.1b enables SHA1 deprecated setting for SSH for port 22.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-2240

Description: Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2024-12651

Description: Exposed Dangerous Method or Function vulnerability in PTT Inc. HGS Mobile App allows Manipulating User-Controlled Variables. This issue affects HGS Mobile App: before 6.5.0.

CVSS: HIGH (8.5)

EPSS Score: 0.05%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-0108

Description: Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. [...]

CVSS: HIGH (8.8)

EPSS Score: 96.76%

Source: BleepingComputer
February 14th, 2025 (5 months ago)

CVE-2025-21333

Description: Check out best practices for preventing buffer overflow attacks. Plus, Europol offers best practices for banks to adopt quantum-resistant cryptography. Meanwhile, an informal Tenable poll looks at cloud security challenges. And get the latest on ransomware trends and on cybercrime legislation and prevention!

Dive into six things that are top of mind for the week ending Feb. 14.

1 - CISA, FBI offer buffer overflow prevention tips

The U.S. government is urging software makers to adopt secure application-development practices that help prevent buffer overflow attacks.

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI) called buffer overflow vulnerabilities “unforgivable defects” that put national and economic security at risk.

“CISA and FBI urge manufacturers to use proven prevention methods and mitigations to eliminate this class of defect while urging software customers to demand secure products from manufacturers that include these preventions,” the agencies wrote in a joint fact sheet.

Buffer overflows happen when data written to a computer’s memory buffer exceeds the buffer’s capacity. This can lead to issues such as system crashes, data corruption and remote code execution.

These are some of the recommendations the agencies offered for preventing buffer overflows in the fact sheet titled “Malicious Cyber Actors Use Buffer Overflow Vulnerabilities to Compromise Software.”

Use memory-safe languages when de...

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: Tenable Blog
February 14th, 2025 (5 months ago)

CVE-2025-23083

Description: Nessus Plugin ID 216256 with High Severity Synopsis The remote Oracle Linux host is missing one or more security updates. Description The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-1351 advisory. - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76001 RHEL-76146 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 - Backport nghttp2 patch for CVE-2024-28182 - Rebase to version 20.12.0 Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Addresses CVE-2024-25629 (c-ares) - Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high) - Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium) - Fixes CVE-2023-44487 (nghttp) - Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333 - Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high) - Address CVE-2023-32006, CVE-2023-32559 (medium) - Address CVE-2023-32005, CVE-2023-32003 (low) - Rebase to 18.16.1 Resolves: rhbz#2188290 rhbz#2166926 Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 - Update bundled c-ares to 1.19.1 Resolves: CVE-2022-4904 Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 - Resolves: CVE-2022-25881, CVE-2023-23936, CVE-2023-24807 - R...

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: Tenable Plugins
February 14th, 2025 (5 months ago)

CVE-2025-1094

Description: Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: TheHackerNews
February 14th, 2025 (5 months ago)

CVE-2025-26582

Description: Cross-Site Request Forgery (CSRF) vulnerability in Blackbam TinyMCE Advanced qTranslate fix editor problems allows Stored XSS. This issue affects TinyMCE Advanced qTranslate fix editor problems: from n/a through 1.0.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2025-26580

Description: Cross-Site Request Forgery (CSRF) vulnerability in CompleteWebResources Page/Post Specific Social Share Buttons allows Stored XSS. This issue affects Page/Post Specific Social Share Buttons: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2025-26578

Description: Cross-Site Request Forgery (CSRF) vulnerability in mathieuhays Simple Documentation allows Stored XSS. This issue affects Simple Documentation: from n/a through 1.2.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)