CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-44839 |
Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS: MEDIUM (6.5) EPSS Score: 14.24%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-4173 |
Description: A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_cart of the file /oews/classes/Master.php?f=delete_cart. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In SourceCodester Online Eyewear Shop 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion delete_cart der Datei /oews/classes/Master.php?f=delete_cart. Durch die Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-32890 |
Description: An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-32886 |
Description: An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. All packets sent over RF are also sent over UART with USB Shell, allowing someone with local access to gain information about the protocol and intercept sensitive data.
CVSS: MEDIUM (4.0) EPSS Score: 0.02%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-32885 |
Description: An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message (into existing v1 networks) with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised.
CVSS: MEDIUM (6.5) EPSS Score: 0.02%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-32884 |
Description: An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-32882 |
Description: An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-32881 |
Description: An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. By default, the GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages.
CVSS: MEDIUM (4.3) EPSS Score: 0.01%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-47153 |
Description: Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-1_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.
CVSS: MEDIUM (6.5) EPSS Score: 0.11% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-44854 |
Description: TOTOLINK CP900 V6.3c.1144_B20190715 was found to contain a command injection vulnerability in the setUpgradeUboot function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS: MEDIUM (6.3) EPSS Score: 12.12%
May 1st, 2025 (about 2 months ago)
|