CVE-2024-23739 |
Description: An issue in Discord for macOS version 0.0.291 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
EPSS Score: 24.74% SSVC Exploitation: poc
May 29th, 2025 (18 days ago)
|
CVE-2024-22861 |
Description: An integer overflow vulnerability in FFmpeg before n6.1 allows attackers to cause a denial of service (DoS) via the avcodec/osq module.
EPSS Score: 0.02% SSVC Exploitation: none
May 29th, 2025 (18 days ago)
|
CVE-2024-22647 |
Description: A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.
EPSS Score: 0.12% SSVC Exploitation: poc
May 29th, 2025 (18 days ago)
|
CVE-2024-22639 |
Description: iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface.
EPSS Score: 0.27% SSVC Exploitation: poc
May 29th, 2025 (18 days ago)
|
CVE-2024-22559 |
Description: LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.
EPSS Score: 0.06% SSVC Exploitation: poc
May 29th, 2025 (18 days ago)
|
CVE-2024-22545 |
Description: An issue was discovered in TRENDnet TEW-824DRU version 1.04b01 that allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.
EPSS Score: 0.08% SSVC Exploitation: poc
May 29th, 2025 (18 days ago)
|
Description: Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. [...]
May 29th, 2025 (18 days ago)
|
CVE-2025-5307 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.4
ATTENTION: Low attack complexity
Vendor: Santesoft
Equipment: Sante DICOM Viewer Pro
Vulnerability: Out-of-bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Santesoft products are affected:
Sante DICOM Viewer Pro: Versions 14.2.1 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
The affected product contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro.
CVE-2025-5307 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-5307. A base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Cyprus
3.4 RESEARCHER
Michael Heinzl reported this vulnerability to CISA.
4. MITIGATIONS
Santesoft recommends users upgrade Sante DICOM Viewer Pro to version v14.2.2.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulne...
EPSS Score: 0.02%
May 29th, 2025 (18 days ago)
|
CVE-2025-1907 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Instantel
Equipment: Micromate
Vulnerability: Missing Authentication for Critical Function
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the device's configuration port and execute commands.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Micromate are affected:
Micromate: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
CVE-2025-1907 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-1907. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Canada
3.4 RESEARCHER
Souvik Kandar of MicroSec (microsec.io) reported this vulnerability to CISA.
4. MITIGATIONS
Instantel is actively working on a firmware update to address this vulnerability. In the meantime, Micromate users are advised to implement the following workaround measures:
Establish ...
EPSS Score: 0.14%
May 29th, 2025 (18 days ago)
|
CVE-2025-41438 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Consilium Safety
Equipment: CS5000 Fire Panel
Vulnerabilities: Initialization of a Resource with an Insecure Default, Use of Hard-coded Credentials
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to gain high-level access to and remotely operate the device, potentially putting it into a non-functional state.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Consilium Safety product is affected:
CS5000 Fire Panel: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 INITIALIZATION OF A RESOURCE WITH AN INSECURE DEFAULT CWE-1188
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.
CVE-2025-41438 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-41438. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.2.2 USE OF HARD-CODED CREDENTIALS CWE-798
The CS5000 Fire Panel is vulnerable due to a hard-coded password that...
EPSS Score: 0.06%
May 29th, 2025 (18 days ago)
|