CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-52012	[org.apache.solr:solr-core] Apache Solr Relative Path Traversal vulnerability Description: Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.   This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. References https://nvd.nist.gov/vuln/detail/CVE-2024-52012 https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd http://www.openwall.com/lists/oss-security/2025/01/26/2 https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396 https://issues.apache.org/jira/browse/SOLR-17543 https://github.com/advisories/GHSA-4p5m-gvpf-f3x5 EPSS Score: 0.04% Source: Github Advisory Database (Maven) January 27th, 2025 (5 months ago)
CVE-2025-24814	[org.apache.solr:solr-core] Apache Solr vulnerable to Execution with Unnecessary Privileges Description: Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as "trusted" and can use "" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "" tags by default. References https://nvd.nist.gov/vuln/detail/CVE-2025-24814 https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 http://www.openwall.com/lists/oss-security/2025/01/26/1 https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525 https://issues.apache.org/jira/browse/SOLR-16781 https://github.com/advisories/GHSA-68r2-fwcg-qpm8 EPSS Score: 0.04% Source: Github Advisory Database (Maven) January 27th, 2025 (5 months ago)
CVE-2025-24783	[org.apache.cocoon:cocoon-forms-impl] Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Description: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. References https://nvd.nist.gov/vuln/detail/CVE-2025-24783 https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70 https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112 https://github.com/advisories/GHSA-pff9-53m5-qr56 EPSS Score: 0.04% Source: Github Advisory Database (Maven) January 27th, 2025 (5 months ago)
CVE-2025-24783	[org.apache.cocoon:cocoon-sitemap-impl] Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator Description: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. References https://nvd.nist.gov/vuln/detail/CVE-2025-24783 https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70 https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112 https://github.com/advisories/GHSA-pff9-53m5-qr56 EPSS Score: 0.04% Source: Github Advisory Database (Maven) January 27th, 2025 (5 months ago)
	A Threat Actor Claims to be Selling Multiple Traders Leads Data Description: A Threat Actor Claims to be Selling Multiple Traders Leads Data Source: DarkWebInformer January 27th, 2025 (5 months ago)
	Microsoft Teams phishing attack alerts coming to everyone next month Description: Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
	Google takes action after coder reports 'most sophisticated attack I've ever seen' Source: TheRegister January 27th, 2025 (5 months ago)
	A Threat Actor Claims to have Leaked Sensitive Information of Pirelli Tire LLC Description: A Threat Actor Claims to have Leaked Sensitive Information of Pirelli Tire LLC Source: DarkWebInformer January 27th, 2025 (5 months ago)
	Clone2Leak attacks exploit Git flaws to steal credentials Description: A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...] Source: BleepingComputer January 27th, 2025 (5 months ago)
	DeepSeek Mania Shakes AI Industry to Its Core Description: /// Why a relatively unknown Chinese-developed AI model has turned the AI industry on its head. Source: 404 Media January 27th, 2025 (5 months ago)