CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description:
Nessus Plugin ID 216904 with Critical Severity
Synopsis
The remote PhotonOS host is missing multiple security updates.
Description
An update of the xerces package has been released.
Solution
Update the affected Linux packages.
Read more at https://www.tenable.com/plugins/nessus/216904
February 27th, 2025 (5 months ago)
|
CVE-2025-1738 |
Description: Multiple vulnerabilities in Trivision Camera NC227WF
Thu, 02/27/2025 - 10:22
Aviso
Affected Resources
Camera NC227WF, version 5.8.0.
Description
INCIBE has coordinated the publication of 2 high severity vulnerabilities affecting Trivision Camera NC227WF, version 5.8.0 which have been discovered by Andrea Brosio and Andris Raugulis.These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability.CVE-2025-1738: CVSS v3.1: 6.2 | CVSS AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. | CWE-598.CVE-2025-1739: CVSS v3.1: 7.1 | CVSS AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N. | CWE-288.
Identificador
INCIBE-2025-0107
4 - High
Solution
There is no reported solution at this time.
Detail
CVE-2025-1738: vulnerability in the transmission of passwords through query strings, which exposes this confidential information to third parties.CVE-2025-1739: authentication bypass vulnerability in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity that allows an attacker to retrieve administrator credentials in cleartext by sending a request against the server using curl with random credentials to “/en/player/activex_pal.asp” and successfully authenticating the application.
References list
...
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|
|
|
Description: Security researchers from George Mason University have uncovered a new attack, called nRootTag, that allows attackers to turn Bluetooth-enabled devices into covert Apple AirTag-like trackers — without needing root privileges. The new method exploits Apple's Find My network, which consists of over a billion Apple devices, to silently track computers, smartphones, and IoT devices with …
The post Apple’s Find My Exploited in nRootTag Attacks for User Tracking appeared first on CyberInsider.
February 27th, 2025 (5 months ago)
|
|
|
Description: D-Link has issued a security warning regarding a severe vulnerability in its DCS-8300LHv2 WiFi camera, which exposes sensitive credentials, including WiFi passwords and administrative access details. The flaw, originally discovered by cybersecurity researcher Alexis Lingad, affects all hardware revisions of the camera and remains unpatched due to the device reaching End-of-Life (EOL) and End-of-Service (EOS) …
The post D-Link Warns of Critical Security Flaw in Popular WiFi Camera appeared first on CyberInsider.
February 27th, 2025 (5 months ago)
|
|
|
Description: The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus."
The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster
February 27th, 2025 (5 months ago)
|
|
|
February 27th, 2025 (5 months ago)
|
|
|
Description: FBI has confirmed that North Korean hackers stole $1.5 billion from cryptocurrency exchange Bybit on Friday in the largest crypto heist recorded until now. [...]
February 27th, 2025 (5 months ago)
|
|
|
Description: In February 2025, the Romanian arm of telecommunications company Orange suffered a data breach which was subsequently published to a popular hacking forum. The data included 556k email addresses (of which hundreds of thousands were in the form of [phone number]@as1.romtelecom.net), phone numbers, subscription details, partial credit card data (type, last 4 digits, expiration date and issuing bank). The breach also exposed an extensive number of internal documents.
February 27th, 2025 (5 months ago)
|
|
CVE-2025-21797 |
Description: In the Linux kernel, the following vulnerability has been resolved:
HID: corsair-void: Add missing delayed work cancel for headset status
The cancel_delayed_work_sync() call was missed, causing a use-after-free
in corsair_void_remove().
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|
|
CVE-2025-21796 |
Description: In the Linux kernel, the following vulnerability has been resolved:
nfsd: clear acl_access/acl_default after releasing them
If getting acl_default fails, acl_access and acl_default will be released
simultaneously. However, acl_access will still retain a pointer pointing
to the released posix_acl, which will trigger a WARNING in
nfs3svc_release_getacl like this:
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 26 PID: 3199 at lib/refcount.c:28
refcount_warn_saturate+0xb5/0x170
Modules linked in:
CPU: 26 UID: 0 PID: 3199 Comm: nfsd Not tainted
6.12.0-rc6-00079-g04ae226af01f-dirty #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.16.1-2.fc37 04/01/2014
RIP: 0010:refcount_warn_saturate+0xb5/0x170
Code: cc cc 0f b6 1d b3 20 a5 03 80 fb 01 0f 87 65 48 d8 00 83 e3 01 75
e4 48 c7 c7 c0 3b 9b 85 c6 05 97 20 a5 03 01 e8 fb 3e 30 ff <0f> 0b eb
cd 0f b6 1d 8a3
RSP: 0018:ffffc90008637cd8 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff83904fde
RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88871ed36380
RBP: ffff888158beeb40 R08: 0000000000000001 R09: fffff520010c6f56
R10: ffffc90008637ab7 R11: 0000000000000001 R12: 0000000000000001
R13: ffff888140e77400 R14: ffff888140e77408 R15: ffffffff858b42c0
FS: 0000000000000000(0000) GS:ffff88871ed00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000562384d32158 CR3: 000000055cc6a000 CR4: 00000000000006f0
DR0: 00000...
EPSS Score: 0.02%
February 27th, 2025 (5 months ago)
|