CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-0352	Rapid Response Monitoring My Security Account App Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rapid Response Monitoring Equipment: My Security Account App Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow attacker to access sensitive information of other users. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rapid Response Monitoring products are affected: My Security Account App API: Versions prior to 7/29/24 3.2 VULNERABILITY OVERVIEW 3.2.1 Authorization Bypass Through User-Controlled Key CWE-639 Rapid Response Monitoring My Security Account App utilizes an API that could be exploited by an attacker to modify request data, potentially causing the API to return information about other users. CVE-2025-0352 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-0352. A base score of 8.7 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Emergency Services COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER kbots reported this vulnerability to CISA. 4. MITIGATIONS Rapid Response Monitoring reports that this issue was patched on their end and no action is required ... EPSS Score: 0.04% Source: All CISA Advisories February 20th, 2025 (5 months ago)
CVE-2025-1265	Elseta Vinci Protocol Analyzer Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Elseta Equipment: Vinci Protocol Analyzer Vulnerability: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and perform code execution on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Elseta products are affected: Vinci Protocol Analyzer: Versions prior to 3.2.3.19 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. CVE-2025-1265 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.9 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2025-1265. A base score of 9.4 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Communications COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Lithuania 3.4 RESEARCHER Nguyen Huu Thien Duc reported this vulnerability to CISA. 4. MITIGATIONS Elseta recommends a... EPSS Score: 0.16% Source: All CISA Advisories February 20th, 2025 (5 months ago)
CVE-2024-10930	Carrier Block Load Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Carrier Equipment: Block Load Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Carrier product, which is a HVAC load calculation program, are affected: Block Load: Version 4.16 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 The vulnerability could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges. CVE-2024-10930 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-10930. A base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities COUNTRIES/AREAS DEPLOYED: United States COMPANY HEADQUARTERS LOCATION: United States 3.4 RESEARCHER An anonymous researcher reported this vulnerability to Carrier. 4. MITIGATIONS Carrier recommends users to upgrade the product to v4.2 or later. If any issues arise, users are encouraged to contact Carrier directly. For more information refer to Carrier's security advisory. ... EPSS Score: 0.07% Source: All CISA Advisories February 20th, 2025 (5 months ago)
CVE-2025-1001	Medixant RadiAnt DICOM Viewer Description: View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Medixant products are affected: RadiAnt DICOM Viewer: Version 2024.02 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 The affected product is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user. CVE-2025-1001 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). A CVSS v4 score has also been calculated for CVE-2025-1001. A base score of 5.7 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Poland 3.4 RESEARCHER Sharon Brizinov of Claroty Team82 reported this vulnerability to CISA. 4. MITIGATIO... EPSS Score: 0.01% Source: All CISA Advisories February 20th, 2025 (5 months ago)
	Riverdale Country School Has Fallen Victim to RansomHub Ransomware Description: Riverdale Country School Has Fallen Victim to RansomHub Ransomware Source: DarkWebInformer February 20th, 2025 (5 months ago)
	ProHEALTH Dental Has Fallen Victim to RansomHub Ransomware Description: ProHEALTH Dental Has Fallen Victim to RansomHub Ransomware Source: DarkWebInformer February 20th, 2025 (5 months ago)
	A Threat Actor is Promoting a Crypto Drainer Targeting Mobile Wallets Description: A Threat Actor is Promoting a Crypto Drainer Targeting Mobile Wallets Source: DarkWebInformer February 20th, 2025 (5 months ago)
	Integrating LLMs into security operations using Wazuh Description: Large Language Models (LLMs) can provide many benefits to security professionals by helping them analyze logs, detect phishing attacks, or offering threat intelligence. Learn from Wazuh how to incorporate an LLM, like ChatGPT, into its open source security platform. [...] Source: BleepingComputer February 20th, 2025 (5 months ago)
	When Brand Loyalty Trumps Data Security Description: Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life. Source: Dark Reading February 20th, 2025 (5 months ago)
	ONE Thousand and ONE Defaced the Website of RDX Py PrHighSchool Description: ONE Thousand and ONE Defaced the Website of RDX Py PrHighSchool Source: DarkWebInformer February 20th, 2025 (5 months ago)