CVE-2025-24220 |
Description: A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.7, iOS 18.4 and iPadOS 18.4. An app may be able to read a persistent device identifier.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 12th, 2025 (about 1 month ago)
|
CVE-2025-24155 |
Description: The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to disclose kernel memory.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 12th, 2025 (about 1 month ago)
|
CVE-2025-24144 |
Description: An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.6, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Ventura 13.7.6, iOS 18.3 and iPadOS 18.3, tvOS 18.3. An app may be able to leak sensitive kernel state.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 12th, 2025 (about 1 month ago)
|
CVE-2025-24142 |
Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 12th, 2025 (about 1 month ago)
|
CVE-2025-24111 |
Description: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 12th, 2025 (about 1 month ago)
|
Description: Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-47828
https://github.com/Lumieducation/H5P-Nodejs-library/pull/3894
https://github.com/Lumieducation/H5P-Nodejs-library/compare/v9.3.2...v9.3.3
https://github.com/advisories/GHSA-m7gm-v253-56hh
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 12th, 2025 (about 1 month ago)
|
Description:
Impact: Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code.
Patches: This is patched in 1.13.6.
Workarounds: Downgrade to <1.13.2.
References: Understanding the Risk of Script Injections
References
https://github.com/OZI-Project/publish/security/advisories/GHSA-2487-9f55-2vg9
https://nvd.nist.gov/vuln/detail/CVE-2025-47271
https://github.com/OZI-Project/publish/commit/abd8524ec69800890529846b3ccfb09ce7c10b5c
https://github.com/advisories/GHSA-2487-9f55-2vg9
CVSS: MEDIUM (6.3) EPSS Score: 0.05%
May 12th, 2025 (about 1 month ago)
|
CVE-2024-55466 |
Description: An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
May 12th, 2025 (about 1 month ago)
|
CVE-2025-44176 |
Description: Tenda FH451 V1.0.0.9 is vulnerable to Remote Code Execution in the formSafeEmailFilter function.
CVSS: MEDIUM (6.5) EPSS Score: 0.1%
May 12th, 2025 (about 1 month ago)
|
CVE-2025-44175 |
Description: Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
May 12th, 2025 (about 1 month ago)
|