CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
US news org still struggling to print papers a week after 'cybersecurity event'
Source: TheRegister
February 10th, 2025 (5 months ago)
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]
Description: In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question
Source: TheHackerNews
February 10th, 2025 (5 months ago)

CVE-2025-1175
Vulnerabilidad de Cross-Site Scripting (XSS) en Kelio Visio
Description: Cross-Site Scripting (XSS) vulnerability in Kelio Visio Mon, 02/10/2025 - 13:15 Aviso Affected Resources Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4: versions between 3.2C and 5.1K. Description INCIBE has coordinated the publication of a medium severity vulnerability affecting Kelio Visio 1, Visio X7 and Visio X4, a touch-screen punch terminal, which has been discovered by Ismael Pacheco Torrecilla.This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:CVE-2025-1175: CVSS v3.1: 6.1 | CVSS AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79 Identificador INCIBE-2025-0068 3 - Medium Solution The vulnerability has been fixed by the Kelio Visio team in versions 4.5E11, 4.6K5 and 5.1L8. Detail CVE-2025-1175: Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’ parameter of the ‘/PageLoginVisio.do’ endpoint. References list Product sheet - Kelio Visio ...

EPSS Score: 0.04%

Source: Incibe CERT
February 10th, 2025 (5 months ago)
Don't Overlook These 6 Critical Okta Security Configurations
Description: Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for
Source: TheHackerNews
February 10th, 2025 (5 months ago)

CVE-2025-25064
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
Description: Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting

EPSS Score: 0.05%

Source: TheHackerNews
February 10th, 2025 (5 months ago)
UK armed forces fast-tracking cyber warriors to defend digital front lines
Source: TheRegister
February 10th, 2025 (5 months ago)

CVE-2024-13176
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2025:0349-1)
Description: Nessus Plugin ID 215165 with Medium Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0349-1 advisory. - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/215165

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-13176
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:0387-1)
Description: Nessus Plugin ID 215166 with Medium Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0387-1 advisory. - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected libopenssl-3-devel, libopenssl3 and / or openssl-3 packages. Read more at https://www.tenable.com/plugins/nessus/215166

EPSS Score: 0.04%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2025-0725
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2025:0370-1)
Description: Nessus Plugin ID 215169 with High Severity Synopsis The remote SUSE host is missing one or more security updates. Description The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0370-1 advisory. - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected curl, libcurl-devel, libcurl4 and / or libcurl4-32bit packages. Read more at https://www.tenable.com/plugins/nessus/215169

EPSS Score: 0.05%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)

CVE-2024-11218
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2025:0382-1)
Description: Nessus Plugin ID 215172 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0382-1 advisory. - CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected podman, podman-docker, podman-remote and / or podmansh packages. Read more at https://www.tenable.com/plugins/nessus/215172

EPSS Score: 0.05%

Source: Tenable Plugins
February 10th, 2025 (5 months ago)