CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-12749	Competition Form <= 2.0 - Reflected XSS Description: The Competition Form WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE January 30th, 2025 (5 months ago)
	Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits Description: Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an authenticated Voyager user clicks on a malicious link, attackers can execute arbitrary code on the server," Sonar researcher Yaniv Nizry said in a write-up published earlier this week. The Source: TheHackerNews January 30th, 2025 (5 months ago)
	Fake Videos of Former First Lady Scam Namibians Description: Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages. Source: Dark Reading January 30th, 2025 (5 months ago)
	PrintNightmare Aftermath: Windows Print Spooler is Better. What's Next? Description: While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore. Source: Dark Reading January 30th, 2025 (5 months ago)
	Wacom says crooks probably swiped customer credit cards from its online checkout Source: TheRegister January 30th, 2025 (5 months ago)
	Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) Description: Posted by David Fifield on Jan 29The page https://www.google.com/sorry/index is familiar to Tor and VPN users. It is the one that says "Our systems have detected unusual traffic from your computer network. Please try your request again later." You will frequently be redirected to this page when using Tor Browser, when you do a search on a Google site such as www.youtube.com or scholar.google.com. The text of the page reports the client IP address, a timestamp of the... Source: Full Disclosure Mailinglist January 30th, 2025 (5 months ago)
	Deepseek writes textbook insecure code in 2025-01-28 Description: Posted by Georgi Guninski on Jan 29Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI [3] returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not provided # Output the HTML response print(f"Hello, {name}!") *For security reasons,... Source: Full Disclosure Mailinglist January 30th, 2025 (5 months ago)
	Solana Pump.fun tool DogWifTool compromised to drain wallets Description: DogWifTools has disclosed on its official Discord channel that its software has been compromised by a supply chain attack that impacted its Windows client, infecting users with malware. [...] Source: BleepingComputer January 30th, 2025 (5 months ago)
	Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek Source: TheRegister January 30th, 2025 (5 months ago)
	Daily Dose of Dark Web Informer - January 29th, 2025 Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts. Source: DarkWebInformer January 30th, 2025 (5 months ago)