CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-0352

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rapid Response Monitoring products are affected: My Security Account App API: Versions prior to 7/29/24 3.2 VULNERABILITY OVERVIEW 3.2.1 Authorization Bypass Through User-Controlled Key CWE-639 Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-0352. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Emergency Services COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER kbots reported this vulnerability to CISA. 4. MITIGATIONS Rapid Response Monitoring reports that this issue was patched on their end and no action is required ...

EPSS Score: 0.04%

Source: All CISA Advisories
February 20th, 2025 (5 months ago)

CVE-2025-1265

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Elseta products are affected: Vinci Protocol Analyzer: Versions prior to 3.2.3.19 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. CVE-2025-1265 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-1265. A base score of 9.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Communications COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Lithuania 3.4 RESEARCHER Nguyen Huu Thien Duc reported this vulnerability to CISA. 4. MITIGATIONS Elseta recommends a...

EPSS Score: 0.16%

Source: All CISA Advisories
February 20th, 2025 (5 months ago)

CVE-2024-10930

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Carrier product, which is a HVAC load calculation program, are affected: Block Load: Version 4.16 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities COUNTRIES/AREAS DEPLOYED: United States COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER An anonymous researcher reported this vulnerability to Carrier. 4. MITIGATIONS Carrier recommends users to upgrade the product to v4.2 or later. If any issues arise, users are encouraged to contact Carrier directly. For more information refer to Carrier's security advisory. ...

EPSS Score: 0.07%

Source: All CISA Advisories
February 20th, 2025 (5 months ago)

CVE-2025-1001

Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Medixant products are affected: RadiAnt DICOM Viewer: Version 2024.02 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 The affected product is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user. CVE-2025-1001 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). A CVSS v4 score has also been calculated for CVE-2025-1001. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Poland 3.4 RESEARCHER Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA. 4. MITIGATIO...

EPSS Score: 0.01%

Source: All CISA Advisories
February 20th, 2025 (5 months ago)
Description: Riverdale Country School Has Fallen Victim to RansomHub Ransomware
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: ProHEALTH Dental Has Fallen Victim to RansomHub Ransomware
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: A Threat Actor is Promoting a Crypto Drainer Targeting Mobile Wallets
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offering threat intelligence. Learn from Wazuh how to incorporate an LLM, like ChatGPT, into its open source security platform. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)
Description: Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.
Source: Dark Reading
February 20th, 2025 (5 months ago)
Description: ONE Thousand and ONE Defaced the Website of RDX Py PrHighSchool
Source: DarkWebInformer
February 20th, 2025 (5 months ago)