CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-23851

Description: copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (9 days ago)

CVE-2024-23453

Description: Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.

CVSS: MEDIUM (5.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (9 days ago)

CVE-2025-20273

Description: A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg Security Impact Rating: Medium CVE: CVE-2025-20273

CVSS: MEDIUM (6.1)

EPSS Score: 0.02%

Source: Cisco Security Advisory
June 4th, 2025 (9 days ago)

CVE-2025-20278

Description: A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy Security Impact Rating: Medium CVE: CVE-2025-20278

CVSS: MEDIUM (6.0)

EPSS Score: 0.02%

Source: Cisco Security Advisory
June 4th, 2025 (9 days ago)

CVE-2025-20129

Description: A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd Security Impact Rating: Medium CVE: CVE-2025-20129

CVSS: MEDIUM (4.3)

EPSS Score: 0.07%

Source: Cisco Security Advisory
June 4th, 2025 (9 days ago)

CVE-2025-23101

Description: An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
June 4th, 2025 (9 days ago)

CVE-2025-23095

Description: An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
June 4th, 2025 (9 days ago)

CVE-2025-5592

Description: A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component PASSIVE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
June 4th, 2025 (9 days ago)

CVE-2025-48962

Description: Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (9 days ago)

CVE-2025-48960

Description: Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938.

CVSS: MEDIUM (5.9)

EPSS Score: 0.0%

SSVC Exploitation: none

Source: CVE
June 4th, 2025 (9 days ago)