CVE-2022-23748 |
Description: Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code.
CVSS: HIGH (7.8)
February 6th, 2025 (5 months ago)
|
CVE-2024-2658 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Schneider Electric
Equipment: EcoStruxure
Vulnerability: Uncontrolled Search Path Element
2. RISK EVALUATION
Successful exploitation of this vulnerability allows for local privilege escalation, which could lead to the execution of a malicious Dynamic-Link Library (DLL).
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric EcoStruxure products and versions, which incorporate Revenera FlexNet Publisher, are affected:
EcoStruxure Control Expert: Versions prior to V16.1
EcoStruxure Process Expert: All versions
EcoStruxure OPC UA Server Expert: All versions
EcoStruxure Control Expert Asset Link: Versions prior to V4.0 SP1
EcoStruxure Machine SCADA Expert Asset Link: All versions
EcoStruxure Architecture Builder: Versions prior to V7.0.18
EcoStruxure Operator Terminal Expert: All versions
Vijeo Designer: Versions prior to V6.3SP1 HF1
EcoStruxure Machine Expert including EcoStruxure Machine Expert Safety: All versions
EcoStruxure Machine Expert Twin: All versions
Zelio Soft 2: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 Uncontrolled Search Path Element CWE-427
A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf fi...
CVSS: HIGH (8.5) EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2025-25246 |
Description: NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2025-24805 |
Description: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (8.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2025-24803 |
Description: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle IDs, it must contain only alphanumeric characters (A–Z, a–z, and 0–9), hyphens (-), and periods (.). However, an attacker can manually modify this value in the `Info.plist` file and add special characters to the `CFBundleIdentifier` value. The `dynamic_analysis.html` file does not sanitize the received bundle value from Corellium and as a result, it is possible to break the HTML context and achieve Stored XSS. This issue has been addressed in version 4.3.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (8.4) EPSS Score: 0.05%
February 6th, 2025 (5 months ago)
|
CVE-2025-24497 |
Description: When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2025-24372 |
Description: CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Using a specially crafted file, a user could potentially upload a file containing code that when executed could send arbitrary requests to the server. If that file was opened by an administrator, it could lead to escalation of privileges of the original submitter or other malicious actions. Users must have been registered to the site to exploit this vulnerability. This vulnerability has been fixed in CKAN 2.10.7 and 2.11.2. Users are advised to upgrade. On versions prior to CKAN 2.10.7 and 2.11.2, site maintainers can restrict the file types supported for uploading using the `ckan.upload.user.mimetypes` / `ckan.upload.user.types` and `ckan.upload.group.mimetypes` / `ckan.upload.group.types` config options. To entirely disable file uploads users can use: `ckan.upload.user.types = none`
CVSS: HIGH (7.3) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2025-24326 |
Description: When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cause an increase in memory resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2025-24312 |
Description: When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|
CVE-2025-23412 |
Description: When BIG-IP APM Access Profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 6th, 2025 (5 months ago)
|