Threat and Vulnerability Intelligence Database

CVE-2025-25513

Description: Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (5 months ago)

CVE-2025-22974

Description: SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.

EPSS Score: 0.17%

Source: CVE
February 24th, 2025 (5 months ago)

CVE-2024-56525

Description: In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin.

EPSS Score: 0.06%

Source: CVE
February 24th, 2025 (5 months ago)

CVE-2024-53544

Description: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint.

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (5 months ago)

CVE-2024-53543

Description: NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the addProject method in the smarttimeplus/MySQLConnection endpoint.

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (5 months ago)

CVE-2024-53542

Description: Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitrarily restart the NCServiceManger via a crafted GET request.

EPSS Score: 0.04%

Source: CVE
February 24th, 2025 (5 months ago)

CVE-2025-22868

Description:

Impact: When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.

Patches: Version 4.0.5 fixes this issue.

Workarounds: Applications could pre-validate that payloads passed to go-jose do not contain an excessive number of '.' characters.

References: This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.

https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
https://github.com/golang/go/issues/71490
https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
https://go.dev/issue/71490
https://github.com/advisories/GHSA-c6gw-w398-hv78

EPSS Score: 0.17%

Source: Github Advisory Database (Go)
February 24th, 2025 (5 months ago)

Description: The new Linux malware named Auto-color uses advanced evasion tactics. Discovered by Unit 42, this article covers its installation, evasion features and more. The post Auto-Color: An Emerging and Evasive Linux Backdoor appeared first on Unit 42.

Source: Palo Alto Unit42
February 24th, 2025 (5 months ago)

Description: Ransomware Attack Update for 24th of February 2025

Source: DarkWebInformer
February 24th, 2025 (5 months ago)

Description: A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.

Source: Dark Reading
February 24th, 2025 (5 months ago)