CVE-2025-25020 |
Description: IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input.
CVSS: MEDIUM (6.5) EPSS Score: 0.05% SSVC Exploitation: none
June 3rd, 2025 (14 days ago)
|
CVE-2025-25019 |
Description: IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate the session after a logout, which could allow a user to impersonate another user on the system.
CVSS: MEDIUM (4.8) EPSS Score: 0.03% SSVC Exploitation: none
June 3rd, 2025 (14 days ago)
|
CVE-2025-1334 |
Description: IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally, where they can be read by another user on the system.
CVSS: MEDIUM (4.0) EPSS Score: 0.01% SSVC Exploitation: none
June 3rd, 2025 (14 days ago)
|
CVE-2025-5504 |
Description: A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A critical vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It concerns a function, not known in more detail, of the file /boafrm/formWsc. By manipulating the argument peerRptPin with unknown data, a command injection vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (6.3) EPSS Score: 4.84% SSVC Exploitation: poc
June 3rd, 2025 (14 days ago)
|
CVE-2025-46548 |
Description: If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.
Users that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.
CVSS: MEDIUM (6.5) EPSS Score: 0.08%
June 3rd, 2025 (14 days ago)
|
CVE-2025-45855 |
Description: An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code by uploading a crafted file.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
June 3rd, 2025 (14 days ago)
|
CVE-2025-43925 |
Description: An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
CVSS: MEDIUM (4.6) EPSS Score: 0.01%
June 3rd, 2025 (14 days ago)
|
CVE-2025-43924 |
Description: A cross-site scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController (for /fp/admin/settings/loginpage) and the rootserviceurl parameter in FriendsController (for /fp/admin/settings/friends), when entered by an admin, allow stored XSS.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
June 3rd, 2025 (14 days ago)
|
CVE-2025-43923 |
Description: An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
June 3rd, 2025 (14 days ago)
|
CVE-2024-45655 |
Description: IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
June 3rd, 2025 (14 days ago)
|