CVE-2025-4443 |
Description: A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS: MEDIUM (6.3) EPSS Score: 0.07%
May 9th, 2025 (about 2 months ago)
|
CVE-2025-31946 |
Description: Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
CVSS: MEDIUM (6.2) EPSS Score: 0.02%
May 8th, 2025 (about 2 months ago)
|
CVE-2025-28074 |
Description: phpList prior to 3.6.3 is vulnerable to Cross-Site Scripting (XSS) due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious JavaScript.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 8th, 2025 (about 2 months ago)
|
CVE-2025-46833 |
Description: Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been patched in commit 6ce60b1. A workaround involves increasing the key size, for RSA or DSA this is at least 2048 bits, for ECC this is at least 256 bits.
CVSS: MEDIUM (4.6) EPSS Score: 0.01% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
|
CVE-2025-46336 |
Description: Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long-running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after a user has attempted to log out. This issue has been patched in version 2.1.1.
CVSS: MEDIUM (4.2) EPSS Score: 0.03%
May 8th, 2025 (about 2 months ago)
|
CVE-2025-28073 |
Description: phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (XSS) via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 8th, 2025 (about 2 months ago)
|
CVE-2025-27695 |
Description: Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Authentication Bypass by Spoofing vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
CVSS: MEDIUM (4.9) EPSS Score: 0.05% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
|
CVE-2024-25454 |
Description: Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.
CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: poc
May 8th, 2025 (about 2 months ago)
|
CVE-2024-24782 |
Description: An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.
CVSS: MEDIUM (4.3) EPSS Score: 0.02% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
|
CVE-2024-20817 |
Description: Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger a buffer overflow.
CVSS: MEDIUM (6.6) EPSS Score: 0.06% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
|