CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: HOLT CAT Has Fallen Victim to Cactus Ransomware
February 26th, 2025 (5 months ago)
|
|
|
Description: The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake "PUMP" token cryptocurrency scam. [...]
February 26th, 2025 (5 months ago)
|
CVE-2025-20111 |
Description:
A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g
This advisory is part of the February 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
Security Impact Rating: High
CVE: CVE-2025-20111
EPSS Score: 0.04%
February 26th, 2025 (5 months ago)
|
|
CVE-2025-20161 |
Description:
A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
Note: Administrators should validate the hash of any software image before installation.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk
This advisory is part of the February 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.
Security Impact Rating: Medium
CVE: CVE-2025-20161
EPSS Score: 0.23%
February 26th, 2025 (5 months ago)
|
|
CVE-2025-20116 |
Description:
Multiple vulnerabilities in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated attacker to access sensitive information, execute arbitrary commands, cause a denial of service (DoS) condition, or perform cross-site scripting (XSS) attacks. To exploit these vulnerabilities, the attacker must have valid administrative credentials.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5
Security Impact Rating: Medium
CVE: CVE-2025-20116,CVE-2025-20117,CVE-2025-20118,CVE-2025-20119
EPSS Score: 0.03%
February 26th, 2025 (5 months ago)
|
|
|
Description: Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. Learn from Specops Software about five best practices to help secure your Active Directory service accounts. [...]
February 26th, 2025 (5 months ago)
|
|
|
Description: A threat actor tracked as 'EncryptHub,' aka Larva-208, has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks. [...]
February 26th, 2025 (5 months ago)
|
|
CVE-2025-25827 |
Description: A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.
EPSS Score: 0.02%
February 26th, 2025 (5 months ago)
|
|
CVE-2025-25825 |
Description: A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.
EPSS Score: 0.02%
February 26th, 2025 (5 months ago)
|
|
CVE-2025-25823 |
Description: A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php.
EPSS Score: 0.02%
February 26th, 2025 (5 months ago)
|