
Threat and Vulnerability Intelligence Database


Description:

Impact

Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on an instance, without being logged in, go to /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20 . If there is an output, and the title of the RSS feed contains "Hello from search text:42", then the instance is vulnerable.

Patches

This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1.

Workarounds

This line in Main.SolrSearchMacros can be edited to match the rawResponse macro defined here with a content type of application/xml, instead of simply outputting the content of the feed.

References
https://jira.xwiki.org/browse/XWIKI-22149
https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40

Attribution

This vulnerability has been reported by John Kwak for Trend Micro's Zero Day Initiative.

References
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j
https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40
https://github.com/xwiki/xwiki-platform/blob/568447cad5172d97d6bbcfda9f6183689c2cf086/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-...
Source: Github Advisory Database (Maven)
February 20th, 2025 (5 months ago)

CVE-2024-4028

Description: A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.

References
https://nvd.nist.gov/vuln/detail/CVE-2024-4028
https://access.redhat.com/security/cve/CVE-2024-4028
https://bugzilla.redhat.com/show_bug.cgi?id=2276418
https://github.com/advisories/GHSA-q4xq-445g-g6ch

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
February 20th, 2025 (5 months ago)

CVE-2025-1391

Description: A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization's domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.

References
https://nvd.nist.gov/vuln/detail/CVE-2025-1391
https://access.redhat.com/security/cve/CVE-2025-1391
https://bugzilla.redhat.com/show_bug.cgi?id=2346082
https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378
https://github.com/advisories/GHSA-rq4w-cjrr-h8w8

EPSS Score: 0.03%

Source: Github Advisory Database (Maven)
February 20th, 2025 (5 months ago)
Description: An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)
Description: The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.
Source: Dark Reading
February 20th, 2025 (5 months ago)
Description: William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.
Source: Cisco Talos Blog
February 20th, 2025 (5 months ago)
Description: Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)
Description: New Horizons Baking Company Has Fallen Victim to Cactus Ransomware
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: Dark Storm Team Targeted the Website of Bank of Central African States (BEAC)
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Description: The company, which owns IGN, CNET, PCMag, and dozens more outlets and properties, took down specific information about its diversity commitment on multiple pages on its website over the past several weeks. 
Source: 404 Media
February 20th, 2025 (5 months ago)