CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
[org.xwiki.platform:xwiki-platform-search-solr-ui] XWiki Platform allows remote code execution as guest via SolrSearchMacros request
Description: Impact Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20. If there is an output, and the title of the RSS feed contains Hello from search text:42, then the instance is vulnerable. Patches This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Workarounds This line in Main.SolrSearchMacros can be edited to match the rawResponse macro defined here with a content type of application/xml, instead of simply outputting the content of the feed. References https://jira.xwiki.org/browse/XWIKI-22149 https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40 Attribution This vulnerability has been reported by John Kwak for Trend Micro's Zero Day Initiative. References https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40 https://github.com/xwiki/xwiki-platform/blob/568447cad5172d97d6bbcfda9f6183689c2cf086/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-...
Source: Github Advisory Database (Maven)
February 20th, 2025 (5 months ago)

CVE-2024-4028
[org.keycloak:keycloak-core] Keycloak allows cross-site scripting (XSS)
Description: A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack. References https://nvd.nist.gov/vuln/detail/CVE-2024-4028 https://access.redhat.com/security/cve/CVE-2024-4028 https://bugzilla.redhat.com/show_bug.cgi?id=2276418 https://github.com/advisories/GHSA-q4xq-445g-g6ch

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
February 20th, 2025 (5 months ago)

CVE-2025-1391
[org.keycloak:keycloak-services] Keycloak allows Incorrect Assignment of an Organization to a User
Description: A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges. References https://nvd.nist.gov/vuln/detail/CVE-2025-1391 https://access.redhat.com/security/cve/CVE-2025-1391 https://bugzilla.redhat.com/show_bug.cgi?id=2346082 https://github.com/keycloak/keycloak/commit/5aa2b4c75bb474303ab807017582bc01a9f7e378 https://github.com/advisories/GHSA-rq4w-cjrr-h8w8

EPSS Score: 0.03%

Source: Github Advisory Database (Maven)
February 20th, 2025 (5 months ago)
Black Basta ransomware gang's internal chat logs leak online
Description: An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)
Ghost Ransomware Targets Orgs in 70+ Countries
Description: The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.
Source: Dark Reading
February 20th, 2025 (5 months ago)
Efficiency? Security? When the quest for one grants neither.
Description: William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.
Source: Cisco Talos Blog
February 20th, 2025 (5 months ago)
US healthcare org pays $11M settlement over alleged cybersecurity lapses
Description: Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay $11,253,400 to settle allegations that HNFS falsely certified compliance with cybersecurity requirements under its Defense Health Agency (DHA) TRICARE contract. [...]
Source: BleepingComputer
February 20th, 2025 (5 months ago)
New Horizons Baking Company Has Fallen Victim to Cactus Ransomware
Description: New Horizons Baking Company Has Fallen Victim to Cactus Ransomware
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Dark Storm Team Targeted the Website of Bank of Central African States (BEAC)
Description: Dark Storm Team Targeted the Website of Bank of Central African States (BEAC)
Source: DarkWebInformer
February 20th, 2025 (5 months ago)
Ziff Davis, Owner of Sites Including IGN and CNET, Quietly Removed DEI Language From Its Website
Description: The company, which owns IGN, CNET, PCMag, and dozens more outlets and properties, took down specific information about its diversity commitment on multiple pages on its website over the past several weeks. 
Source: 404 Media
February 20th, 2025 (5 months ago)