CVE-2025-5065 |
Description: Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
May 27th, 2025 (22 days ago)
|
CVE-2025-5064 |
Description: Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVSS: MEDIUM (5.4) EPSS Score: 0.06%
May 27th, 2025 (22 days ago)
|
CVE-2025-22377 |
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. A Heap-based Out-of-Bounds Write exists in the GPRS protocol implementation because of a mismatch between the actual length of the payload and the length declared within the payload.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
May 27th, 2025 (22 days ago)
|
CVE-2024-49197 |
Description: An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
May 27th, 2025 (22 days ago)
|
CVE-2025-48382 |
Description: Summary
Fess (an open-source Enterprise Search Server) creates temporary files without restrictive permissions, which may allow local attackers to read sensitive information from these temporary files.
Details
The createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files.
Impact
This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact.
Workarounds
Ensure local access to the environment running Fess is restricted to trusted users only.
References
CVE-2022-24823: Netty temporary file permissions vulnerability
References
https://github.com/codelibs/fess/security/advisories/GHSA-g88v-2j67-9rmx
https://nvd.nist.gov/vuln/detail/CVE-2025-48382
https://github.com/codelibs/fess/commit/25b2009fea2a0f6ccd5aa8154aa54b536c08f6c4
https://github.com/advisories/GHSA-g88v-2j67-9rmx
CVSS: MEDIUM (5.5)
May 27th, 2025 (22 days ago)
|
CVE-2025-5250 |
Description: A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/edit-category.php. The manipulation of the argument Category leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9) EPSS Score: 0.03%
May 27th, 2025 (22 days ago)
|
CVE-2025-5249 |
Description: A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-category.php. The manipulation of the argument Category leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
May 27th, 2025 (22 days ago)
|
CVE-2025-23247 |
Description: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution.
CVSS: MEDIUM (4.4) EPSS Score: 0.01%
May 27th, 2025 (22 days ago)
|
CVE-2025-27701 |
Description: In the function process_crypto_cmd, the values of ptrs[i] can potentially be NULL, which is a valid value after calling slice_map_array(). These values are later dereferenced without a prior NULL check, which can lead to a local temporary DoS or OOB read, leading to information disclosure.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 27th, 2025 (22 days ago)
|
CVE-2024-56193 |
Description: There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: MEDIUM (5.1) EPSS Score: 0.01%
May 27th, 2025 (22 days ago)
|