Threat and Vulnerability Intelligence Database

CVE-2025-2517

Description: Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.

CVSS: LOW (2.3)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-43916

Description: Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section 5.2.3.5. An authorization code may be sent to an attacker-controlled destination. This might have further implications in conjunction with "Decompiling the app revealed a hardcoded secret."

CVSS: LOW (3.4)

EPSS Score: 0.03%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-3840

Description: An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA-based connect installer component, which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023, with end of support extended till January 2024. An actor can manipulate the action parameter of the login form to inject malicious scripts, which would lead to an XSS attack under certain conditions.

CVSS: LOW (2.1)

EPSS Score: 0.03%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2024-51744

Description: Nessus Plugin ID 234644 with Low Severity

Synopsis: The remote openSUSE host is missing a security update.

Description: The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2025:0131-1 advisory.

- Update to version 1.12.1:
  * core: Increase CNAME lookup limit from 7 to 10 (#7153)
  * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set
  * plugin/kubernetes: Revert 'only create PTR records for endpoints with hostname defined'
  * plugin/forward: added option failfast_all_unhealthy_upstreams to return servfail if all upstreams are down
  * bump dependencies, fixing boo#1239294 and boo#1239728
- Update to version 1.12.0:
  * New multisocket plugin - allows CoreDNS to listen on multiple sockets
  * bump deps
- Update to version 1.11.4:
  * forward plugin: new option next, to try alternate upstreams when receiving specified response codes upstreams on (functions like the external plugin alternate)
  * dnssec plugin: new option to load keys from AWS Secrets Manager
  * rewrite plugin: new option to revert EDNS0 option rewrites in responses
- Update to version 1.11.3+git129.387f34d:
  * fix CVE-2024-51744 (bsc#1232991) build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955)
  * core: set cache-control max-age as integer, not float (#6764)
  * Issue-6671: Fix...

CVSS: LOW (3.1)

Source: Tenable Plugins
April 21st, 2025 (2 months ago)

CVE-2025-43967

Description: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

CVSS: LOW (2.9)

EPSS Score: 0.03%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-43966

Description: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

CVSS: LOW (2.9)

EPSS Score: 0.04%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-43964

Description: In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

CVSS: LOW (2.9)

EPSS Score: 0.06%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-43963

Description: In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-43962

Description: In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: CVE
April 21st, 2025 (2 months ago)

CVE-2025-43961

Description: In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

CVSS: LOW (2.9)

EPSS Score: 0.05%

Source: CVE
April 21st, 2025 (2 months ago)