Description: A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 addresses this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5896
https://github.com/NervJS/taro/pull/17619
https://github.com/NervJS/taro/commit/c2e321a8b6fc873427c466c69f41ed0b5e8814bf
https://github.com/NervJS/taro/releases/tag/v4.1.2
https://vuldb.com/?ctiid.311668
https://vuldb.com/?id.311668
https://vuldb.com/?submit.585796
https://github.com/advisories/GHSA-f5xg-cfpj-2mw6
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
June 10th, 2025 (21 days ago)
|
Description: A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5897
https://github.com/vuejs/vue-cli/pull/7478
https://vuldb.com/?ctiid.311669
https://vuldb.com/?id.311669
https://vuldb.com/?submit.585798
https://github.com/advisories/GHSA-79vf-hf9f-j9q8
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 10th, 2025 (21 days ago)
|
CVE-2025-5900 |
Description: A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.02%
June 9th, 2025 (21 days ago)
|
CVE-2025-5899 |
Description: A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. The attack must be carried out locally. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
June 9th, 2025 (21 days ago)
|
CVE-2025-30507 |
Description: CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
June 9th, 2025 (21 days ago)
|
CVE-2025-5898 |
Description: A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack must be carried out locally. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
June 9th, 2025 (21 days ago)
|
CVE-2025-49139 |
Description: HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited, the client's browser will query the supplied URL. An authenticated attacker can create a HAX site with a website block pointing at an attacker-controlled server running Responder or a similar tool. The attacker can then conduct a phishing attack by convincing another user to visit their malicious HAX site to harvest credentials. Version 11.0.0 contains a patch for the issue.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
June 9th, 2025 (21 days ago)
|
CVE-2025-49138 |
Description: HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating the location field written into site.json. This enables attackers to exfiltrate sensitive system files such as /etc/passwd, application secrets, or configuration files accessible to the web server (www-data). The vulnerability stems from the way the HAXCMS backend handles the location field in the site's outline. When a user sends a POST request to /system/api/saveOutline, the backend stores the provided location value directly into the site.json file associated with the site, without validating or sanitizing the input. Later the location parameter is interpreted by the CMS to resolve and load the content for a given node. If the location field contains a relative path like `../../../etc/passwd`, the application will attempt to read and render that file. Version 11.0.0 fixes the issue.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
June 9th, 2025 (21 days ago)
|
CVE-2025-5897 |
Description: A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 9th, 2025 (21 days ago)
|
CVE-2025-5896 |
Description: A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 addresses this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
June 9th, 2025 (21 days ago)
|