CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5160 |
Description: A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in H3C SecCenter SMP-E1114P02 bis 20250513 entdeckt. Dabei betrifft es die Funktion Download der Datei /packetCaptureStrategy/download. Durch Manipulation des Arguments Name mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.3) EPSS Score: 0.19% SSVC Exploitation: none
May 28th, 2025 (21 days ago)
|
|
CVE-2025-5137 |
Description: A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sys_verifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in DedeCMS 5.7.117 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei dede/sys_verifies.php?action=getfiles der Komponente Incomplete Fix CVE-2018-9175. Durch das Manipulieren des Arguments refiles mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.7) EPSS Score: 0.03% SSVC Exploitation: poc
May 28th, 2025 (21 days ago)
|
|
CVE-2025-27706 |
Description: CVE-2025-27706 is a cross-site scripting vulnerability in the management
console of Absolute Secure Access prior to version 13.54. Attackers
with system administrator permissions can interfere with another system
administrator’s use of the management console when the second
administrator visits the page. Attack complexity is low, there are no
preexisting attack requirements, privileges required are high and active
user interaction is required. There is no impact on confidentiality,
the impact on integrity is low and there is no impact on availability.
CVSS: MEDIUM (4.6) EPSS Score: 0.03%
May 28th, 2025 (21 days ago)
|
|
CVE-2025-48929 |
🚨 Marked as known exploited on May 28th, 2025 (21 days ago).
Description: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.0) EPSS Score: 0.05%
May 28th, 2025 (21 days ago)
|
|
CVE-2025-27702 |
Description: CVE-2025-27702 is a vulnerability in the management console of Absolute
Secure Access prior to version 13.54. Attackers with administrative
access to the console and who have been assigned a certain set of
permissions can bypass those permissions to improperly modify settings.
The attack complexity is low, there are no preexisting attack
requirements; the privileges required are high, and there is no user
interaction required. There is no impact to system confidentiality or
availability, impact to system integrity is high.
CVSS: MEDIUM (6.9) EPSS Score: 0.03%
May 28th, 2025 (21 days ago)
|
|
CVE-2025-48928 |
🚨 Marked as known exploited on May 28th, 2025 (21 days ago).
Description: The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.0) EPSS Score: 0.02% SSVC Exploitation: none
May 28th, 2025 (21 days ago)
|
|
CVE-2025-48927 |
🚨 Marked as known exploited on May 28th, 2025 (21 days ago).
Description: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVSS: MEDIUM (5.3) EPSS Score: 0.04% SSVC Exploitation: none
May 28th, 2025 (21 days ago)
|
|
CVE-2025-48926 |
🚨 Marked as known exploited on May 28th, 2025 (21 days ago).
Description: The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 28th, 2025 (21 days ago)
|
|
CVE-2025-48747 |
Description: Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.
CVSS: MEDIUM (5.0) EPSS Score: 0.03% SSVC Exploitation: none
May 28th, 2025 (21 days ago)
|
|
CVE-2025-48746 |
Description: Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
May 28th, 2025 (21 days ago)
|