Threat and Vulnerability Intelligence Database


CVE-2024-23337

Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning a value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-44895

Description: FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ipv4Aclkey parameter in the web_acl_ipv4BasedAceAdd function.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-44892

Description: FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ownekey parameter in the web_rmon_alarm_post_rmon_alarm function.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2024-42922

Description: AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.

CVSS: MEDIUM (6.5)

EPSS Score: 5.51%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-48417

Description: The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) are hard-coded in the firmware and shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against users of the admin interface. The files are located in /etc/ssl (e.g. salia.local.crt, salia.local.key and salia.local.pem). There is no option to upload/configure custom TLS certificates.

CVSS: MEDIUM (6.5)

EPSS Score: 0.02%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-48415

Description: A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor or perform other administrative actions. Ultimately, this backdoor also allows arbitrary execution of OS commands.

CVSS: MEDIUM (6.2)

EPSS Score: 0.02%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-1418

Description: A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information (including their usage in connected devices). This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite).

CVSS: MEDIUM (5.1)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-1417

Description: In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information includes user IDs, email addresses, first names, last names and device UUIDs. The last one can be used for exploitation of CVE-2025-1416. Successful exploitation requires the UUID of a targeted backup, which cannot be brute forced. This issue has been fixed in version 2.17.5 of Konsola Proget (server part of the MDM suite).

CVSS: MEDIUM (4.6)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-48414

Description: There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality, are likely intended for debugging during development, and provide an additional attack surface.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 21st, 2025 (about 1 month ago)

CVE-2025-27804

Description: Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic, arbitrary OS commands can be executed with root permissions.

CVSS: MEDIUM (6.5)

EPSS Score: 0.14%

Source: CVE
May 21st, 2025 (about 1 month ago)