CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-46716

Description: Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-33138

Description: IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-2506

Description: When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5. To exploit the vulnerability the attacker needs at least CONNECT permissions to a database configured for replication and must understand a number of pglogical3/BDR specific commands and be able to decode the binary protocol.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-23183

Description: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: MEDIUM (6.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-23182

Description: CWE-203: Observable Discrepancy

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

Description: A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access," Cisco Talos researchers

CVSS: MEDIUM (5.3)

Source: TheHackerNews
May 22nd, 2025 (29 days ago)

CVE-2025-32915

Description: Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-32815

Description: An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.

CVSS: MEDIUM (6.5)

EPSS Score: 0.08%

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-0679

Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions unauthorised users can view full email addresses that should be partially obscured.

CVSS: MEDIUM (4.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)

CVE-2025-0605

Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.

CVSS: MEDIUM (4.6)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (29 days ago)