CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-0725	SUSE SLES15 Security Update : curl (SUSE-SU-2025:0372-1) Description: Nessus Plugin ID 215180 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0372-1 advisory. - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages. Read more at https://www.tenable.com/plugins/nessus/215180 EPSS Score: 0.05% Source: Tenable Plugins February 10th, 2025 (5 months ago)
	openSUSE 15 Security Update : etcd (SUSE-SU-2025:0357-1) Description: Nessus Plugin ID 215181 with Medium Severity Synopsis The remote openSUSE host is missing a security update. Description The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0357-1 advisory. Security Update to version 3.5.18: * Ensure all goroutines created by StartEtcd to exit before closing the errc * mvcc: restore tombstone index if it's first revision * Bump go toolchain to 1.22.11 * Avoid deadlock in etcd.Close when stopping during bootstrapping * etcdutl/etcdutl: use datadir package to build wal/snapdir * Remove duplicated <-s.ReadyNotify() * Do not wait for ready notify if the server is stopping * Fix mixVersion test case: ensure a snapshot to be sent out * : support custom content check offline in v2store Print warning message for deprecated flags if set * fix runtime error: comparing uncomparable type * add tls min/max version to grpc proxy - Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a ... Source: Tenable Plugins February 10th, 2025 (5 months ago)
CVE-2025-1009	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2025:0374-1) Description: Nessus Plugin ID 215182 with Critical Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0374-1 advisory. * MFSA 2025-09 * CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT * CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight * CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash * CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification * CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling * CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows * CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7Tena... EPSS Score: 0.11% Source: Tenable Plugins February 10th, 2025 (5 months ago)
CVE-2024-13176	SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2025:0356-1) Description: Nessus Plugin ID 215183 with Medium Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0356-1 advisory. - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/215183 EPSS Score: 0.04% Source: Tenable Plugins February 10th, 2025 (5 months ago)
	Judge says US Treasury ‘more vulnerable to hacking’ since Trump let the DOGE out Source: TheRegister February 10th, 2025 (5 months ago)
	XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells Description: Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime Source: TheHackerNews February 10th, 2025 (5 months ago)
	A Cybersecurity Leader’s Guide to SecVal in 2025 Description: Are your defenses truly battle-tested? Security validation ensures you're not just hoping your security works—it proves it. Learn more from Pentera on how to validate against ransomware, credential threats, and unpatched vulnerabilities in the GOAT Guide. [...] Source: BleepingComputer February 10th, 2025 (5 months ago)
	Brave now lets you inject custom JavaScript to tweak websites Description: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience. [...] Source: BleepingComputer February 10th, 2025 (5 months ago)
	India wants all banking to happen at dedicated bank.in domain Source: TheRegister February 10th, 2025 (5 months ago)
	Adopt Me Trading Values - 86,136 breached accounts Description: In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 86k unique email addresses along with usernames (and Roblox usernames), IP addresses and bcrypt password hashes. The data was provided to HIBP by a source who requested it be attributed to "Leidhall". Source: HaveIBeenPwnedLatestBreaches February 10th, 2025 (5 months ago)