CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.
Source: Dark Reading
February 11th, 2025 (5 months ago)

CVE-2025-1230

Description: Cross-Site Scripting (XSS) vulnerability in Prestashop. Tue, 02/11/2025 - 14:09. Advisory. Affected Resources: Prestashop, 8.1.7 version. Description: INCIBE has coordinated the publication of a medium severity vulnerability affecting Prestashop - a free open source platform designed to create and manage e-commerce - which has been discovered by David Aparicio Salcedo. This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE: CVE-2025-1230: CVSS v3.1: 4.8 | CVSS AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | CWE-79. Identifier: INCIBE-2025-0072. 3 - Medium. Solution: The manufacturer is working on a fix for this vulnerability. It is recommended to update to the latest version available. Detail: CVE-2025-1230: Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘//index.php’, affecting the ‘link’ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. References list: Prestashop. Tags: 0day ...

EPSS Score: 0.04%

Source: Incibe CERT
February 11th, 2025 (5 months ago)
Description: Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS
Source: TheHackerNews
February 11th, 2025 (5 months ago)
Description: Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical
Source: TheHackerNews
February 11th, 2025 (5 months ago)
Description: Nessus Plugin ID 216045 with Medium Severity Synopsis The remote Oracle Linux host is missing a security update. Description The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1215 advisory. [2018.2-10.1] - Remove jQuery from Doxygen files (RHEL-77669) [2018.2-10] - Apply patches from (BZ #1907561) - Bump release. Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216045
Source: Tenable Plugins
February 11th, 2025 (5 months ago)
Description: Nessus Plugin ID 216046 with Medium Severity Synopsis The remote Oracle Linux host is missing a security update. Description The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1210 advisory. [2020.3-8.1] - Remove jQuery from Doxygen output (RHEL-77693). Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216046
Source: Tenable Plugins
February 11th, 2025 (5 months ago)

CVE-2025-1011

Description: Nessus Plugin ID 216055 with Critical Severity Synopsis The remote Ubuntu host is missing one or more security updates. Description The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7263-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2025-1011, CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017, CVE-2025-1018, CVE-2025-1019, CVE-2025-1020) Ivan Fratric discovered that Firefox did not properly handle XSLT data, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-1009) Atte Kettunen discovered that Firefox did not properly manage memory in the Custom Highlight API, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-1010) Nils Bars discovered that Firefox did not properly manage memory during concurrent delazification, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025...

EPSS Score: 0.07%

Source: Tenable Plugins
February 11th, 2025 (5 months ago)
Description: Nessus Plugin ID 216059 with Medium Severity Synopsis The remote PhotonOS host is missing multiple security updates. Description An update of the linux package has been released. Solution Update the affected Linux packages. Read more at https://www.tenable.com/plugins/nessus/216059
Source: Tenable Plugins
February 11th, 2025 (5 months ago)
Description: An update on the work to make Principles Based Assurance (PBA) usable in practice.
Source: NCSC Alerts and Advisories
February 11th, 2025 (5 months ago)
Description: Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download
Source: TheHackerNews
February 11th, 2025 (5 months ago)