CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-21418 |
Description: 3Critical52Important0Moderate0LowMicrosoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild.Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated as important. Our counts omitted one vulnerability reported by HackerOne.This month’s update includes patches for:Active Directory Domain ServicesAzure Active DirectoryAzure FirmwareAzure Network WatcherMicrosoft AutoUpdate (MAU)Microsoft Digest AuthenticationMicrosoft High Performance Compute Pack (HPC) Linux Node AgentMicrosoft OfficeMicrosoft Office ExcelMicrosoft Office SharePointMicrosoft PC ManagerMicrosoft Streaming ServiceMicrosoft SurfaceMicrosoft WindowsOutlook for AndroidVisual StudioVisual Studio CodeWindows Ancillary Function Driver for WinSockWindows CoreMessagingWindows DHCP ClientWindows DHCP ServerWindows DWM Core LibraryWindows Disk Cleanup ToolWindows InstallerWindows Internet Connection Sharing (ICS)Windows KerberosWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows Message QueuingWindows NTLMWindows Remote Desktop ServicesWindows Resilient File System (ReFS) Deduplication ServiceWindows Routing and Remote Access Service (RRAS)Windows Setup Files CleanupWindows StorageWindows Telephony ServerWindows Telephony ServiceWindows Update StackWindows Win32 Kernel SubsystemRemote code execution (RCE) vulnerabilities accounted for 38.2% of the vulnerabilities patched t...
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-21391 |
Description: Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.
CVSS: HIGH (7.1) EPSS Score: 0.09%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-21418 |
Description: Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-40890 |
Description: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-40891 |
Description: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.
CVSS: HIGH (8.8) EPSS Score: 4.13%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-24876 |
Description: The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code, an attacker can steal the session of the victim by injecting malicious payload, causing High impact on confidentiality and integrity of the application.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24876
https://me.sap.com/notes/3567974
https://www.npmjs.com/package/@sap/approuter?activeTab=versions
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2025.html
https://github.com/advisories/GHSA-cpfx-964w-4jvp
CVSS: HIGH (8.1) EPSS Score: 0.05%
February 11th, 2025 (5 months ago)
|
|
CVE-2022-41723 |
Description:
Nessus Plugin ID 216052 with High Severity
Synopsis
The remote Azure Linux host is missing one or more security updates.
Description
The version of application-gateway-kubernetes-ingress / golang / kubevirt / skopeo / telegraf installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-41723 advisory. - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/216052
CVSS: HIGH (7.5)
February 11th, 2025 (5 months ago)
|
|
CVE-2025-24970 |
Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2025-1099 |
Description: The TP-Link Tapo C500 V1 and V2 are a pan-and-tilt outdoor Wi-Fi security cameras designed for comprehensive surveillance.
This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.
CVSS: HIGH (7.0) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|
|
CVE-2024-8684 |
Description: OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. This vulnerability could allow an authenticated attacker to execute OS commands on the device via the ‘php/dal.php’ endpoint, in the ‘arrSaveConfig’ parameter.
CVSS: HIGH (8.3) EPSS Score: 0.04%
February 11th, 2025 (5 months ago)
|