CVE-2025-48056
Description: Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 20th, 2025 (about 1 month ago)
Description: Problem
By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., .exe files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a .png extension but actually carrying the MIME type application/zip).
Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site.
Solution
Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described.
[!NOTE]
The mitigation strategies outlined below apply broadly to all file uploads handled through TYPO3's File Abstraction Layer (FAL), not just those performed via the backend interface. This means that any extension or custom integration leveraging FAL will also be subject to the new validation rules and configuration options. Developers are advised to review the implications for their code and refer to the documentation of that change for guidanc...
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 20th, 2025 (about 1 month ago)
CVE-2025-4996
Description: A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure. A vulnerability was found in Intelbras RF 301K 1.1.5. It was classified as problematic. This affects an unknown part of the component Add Static IP. Manipulating the argument Description with unknown data allows a cross site scripting vulnerability to be exploited. The attack can be carried out over the network. The exploit is publicly available.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
May 20th, 2025 (about 1 month ago)
CVE-2025-47854
Description: In JetBrains TeamCity before 2025.03.2, an open redirect was possible on the VCS Root editing page.
CVSS: MEDIUM (4.3) EPSS Score: 0.0% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)
CVE-2025-47853
Description: In JetBrains TeamCity before 2025.03.2, stored XSS via the Jira integration was possible.
CVSS: MEDIUM (4.8) EPSS Score: 0.01% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)
CVE-2025-47852
Description: In JetBrains TeamCity before 2025.03.2, stored XSS via the YouTrack integration was possible.
CVSS: MEDIUM (4.8) EPSS Score: 0.01% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)
CVE-2025-47851
Description: In JetBrains TeamCity before 2025.03.2, stored XSS via the GitHub Checks webhook was possible.
CVSS: MEDIUM (4.8) EPSS Score: 0.01% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)
CVE-2025-47850
Description: In JetBrains YouTrack before 2025.1.74704, restricted attachments could become visible after issue cloning.
CVSS: MEDIUM (4.3) EPSS Score: 0.0% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)
CVE-2025-48016
Description: The OpenFlow discovery protocol can exhaust resources because it is not rate limited.
CVSS: MEDIUM (4.3) EPSS Score: 0.02% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)
CVE-2024-45641
Description: IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation.
CVSS: MEDIUM (6.5) EPSS Score: 0.02% SSVC Exploitation: none
May 20th, 2025 (about 1 month ago)