Threat and Vulnerability Intelligence Database

CVE-2025-5281

Description: Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-5278

Description: A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.

CVSS: MEDIUM (4.4)

EPSS Score: 0.01%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-5198

Description: A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

CVSS: MEDIUM (5.0)

EPSS Score: 0.04%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-5067

Description: Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-5066

Description: Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-5065

Description: Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-5064

Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2025-22377

Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists in the GPRS protocol implementation because of a mismatch between the actual length of the payload and the length declared within the payload.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 27th, 2025 (22 days ago)

CVE-2024-49197

Description: An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 27th, 2025 (22 days ago)

Description:

Summary: Fess (an open-source Enterprise Search Server) creates temporary files without restrictive permissions, which may allow local attackers to read sensitive information from these temporary files.

Details: The createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files.

Impact: This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact.

Workarounds: Ensure local access to the environment running Fess is restricted to trusted users only.

References: CVE-2022-24823: Netty temporary file permissions vulnerability

References:
https://github.com/codelibs/fess/security/advisories/GHSA-g88v-2j67-9rmx
https://nvd.nist.gov/vuln/detail/CVE-2025-48382
https://github.com/codelibs/fess/commit/25b2009fea2a0f6ccd5aa8154aa54b536c08f6c4
https://github.com/advisories/GHSA-g88v-2j67-9rmx

CVSS: MEDIUM (5.5)

Source: Github Advisory Database (Maven)
May 27th, 2025 (22 days ago)