CVE-2025-47291 |
Description: containerd is an open-source container runtime. A bug was found in containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, does not place user-namespaced containers under the Kubernetes cgroup hierarchy, so some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, temporarily disable user-namespaced pods in Kubernetes.
CVSS: MEDIUM (4.6) EPSS Score: 0.02%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-45754 |
Description: A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-2102 |
Description: Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1.
CVSS: MEDIUM (5.7) EPSS Score: 0.02%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-0372 |
Description: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1.
CVSS: MEDIUM (5.9) EPSS Score: 0.02%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-48203 |
Description: Cross-site scripting (XSS) vulnerability in the [clickstorm] SEO (cs_seo) TYPO3 extension allows backend users to execute arbitrary script via the JSON-LD output.
References
https://github.com/clickstorm/cs_seo/commit/1cf6c40821102b1f1508fe4e76825569340c8f90
https://github.com/FriendsOfPHP/security-advisories/blob/master/clickstorm/cs-seo/CVE-2025-48203.yaml
https://typo3.org/security/advisory/typo3-ext-sa-2025-005
https://github.com/advisories/GHSA-6p8w-pc35-mqv8
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-48202 |
Description: Insecure Direct Object Reference (IDOR) in the femanager TYPO3 extension allows attackers to view frontend user data via a user parameter in the newAction of the newController.
References
https://github.com/in2code-de/femanager/commit/54851f8f60254bd8060bdf7bc16d56f4de7bd828
https://github.com/FriendsOfPHP/security-advisories/blob/master/in2code/femanager/CVE-2025-48202.yaml
https://typo3.org/security/advisory/typo3-ext-sa-2025-006
https://github.com/advisories/GHSA-xxwr-wv9g-7jw3
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-48056 |
Description: Impact
A network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack.
Patches
This issue affects all versions of Hubble CLI before v1.17.2. The issue is patched in Hubble CLI v1.17.2, via https://github.com/cilium/cilium/pull/37401.
Workarounds
Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.
Acknowledgements
The Cilium community has worked together with members of Isovalent and the Cisco ASIG team to prepare these mitigations. Special thanks to @bipierce-cisco and @kokelley-cisco for reporting the issue and to @devodev for the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [email protected]. This is a private mailing list for the Cilium security team, and your report will be treated as top priority.
References
https://github.com/cilium/hubble/security/advisories/GHSA-274q-79q9-52j7
https://nvd.nist.gov/vuln/detail/CVE-2025-48056
https://git...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-29837 |
Description: This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2025-29837.
CVSS: MEDIUM (5.5) EPSS Score: 0.06%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-31251 |
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-31251.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 21st, 2025 (about 1 month ago)
|
CVE-2025-48012 |
Description: Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials. This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVSS: MEDIUM (4.8) EPSS Score: 0.05% SSVC Exploitation: none
May 21st, 2025 (about 1 month ago)
|