CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
Description: A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers

CVSS: MEDIUM (5.3)

Source: TheHackerNews
May 22nd, 2025 (29 days ago)

CVE-2025-32915
Sensitive data exposed during automatic agent updates
Description: Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-32815
An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
Description: An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-0679
Exposure of Private Personal Information to an Unauthorized Actor in GitLab
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-0605
Weak Authentication in GitLab
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

CVSS: MEDIUM (4.6)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2024-54188
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
Description: Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2024-12093
Improper Validation of Consistency within Input in GitLab
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.

CVSS: MEDIUM (6.8)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-5076
FreeFloat FTP Server SEND Command buffer overflow
Description: A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in FreeFloat FTP Server 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Komponente SEND Command Handler. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-4979
Insufficient Granularity of Access Control in GitLab
Description: An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.

CVSS: MEDIUM (4.9)

EPSS Score: 0.01%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-3480
MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability
Description: MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Web Portal. The issue results from the lack of encryption when transmitting credentials. An attacker can leverage this vulnerability to disclose transmitted credentials, leading to further compromise. Was ZDI-CAN-25842.

CVSS: MEDIUM (5.3)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)