CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

Description: The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)
Description: Windows 11 taskbar is testing a new feature that helps you understand the current power state of your laptop's battery, including showing the battery percentage directly on the taskbar. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)
Description: In a slate of several bills restricting reproductive rights and divorce, Oklahoma senator Dusty Deevers suggests anyone making anything even vaguely pornographic should go to jail.
Source: 404 Media
January 27th, 2025 (5 months ago)
Description: The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)

CVE-2024-52012

Description: Relative Path Traversal vulnerability in Apache Solr. Solr instances running on Windows are vulnerable to arbitrary filepath write-access, due to a lack of input-sanitation in the "configset upload" API.  Commonly known as a "zipslip", maliciously constructed ZIP files can use relative filepaths to write data to unanticipated parts of the filesystem.   This issue affects Apache Solr: from 6.6 through 9.7.0. Users are recommended to upgrade to version 9.8.0, which fixes the issue.  Users unable to upgrade may also safely prevent the issue by using Solr's "Rule-Based Authentication Plugin" to restrict access to the configset upload API, so that it can only be accessed by a trusted set of administrators/users. References https://nvd.nist.gov/vuln/detail/CVE-2024-52012 https://lists.apache.org/thread/yp39pgbv4vf1746pf5yblz84lv30vfxd http://www.openwall.com/lists/oss-security/2025/01/26/2 https://github.com/apache/solr/commit/5795edd143b8fcb2ffaf7f278a099b8678adf396 https://issues.apache.org/jira/browse/SOLR-17543 https://github.com/advisories/GHSA-4p5m-gvpf-f3x5

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
January 27th, 2025 (5 months ago)

CVE-2025-24814

Description: Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem.  These replacement config files are treated as "trusted" and can use "" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin. This issue affects all Apache Solr versions up through Solr 9.7.  Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService").  Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "" tags by default. References https://nvd.nist.gov/vuln/detail/CVE-2025-24814 https://lists.apache.org/thread/gl291pn8x9f9n52ys5l0pc0b6qtf0qw1 http://www.openwall.com/lists/oss-security/2025/01/26/1 https://github.com/apache/solr/commit/f492e24881c5724a1b1baecfc9549e2cb0257525 https://issues.apache.org/jira/browse/SOLR-16781 https://github.com/advisories/GHSA-68r2-fwcg-qpm8

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
January 27th, 2025 (5 months ago)

CVE-2025-24783

Description: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. References https://nvd.nist.gov/vuln/detail/CVE-2025-24783 https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70 https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112 https://github.com/advisories/GHSA-pff9-53m5-qr56

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
January 27th, 2025 (5 months ago)

CVE-2025-24783

Description: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. References https://nvd.nist.gov/vuln/detail/CVE-2025-24783 https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70 https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112 https://github.com/advisories/GHSA-pff9-53m5-qr56

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
January 27th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling Multiple Traders Leads Data
Source: DarkWebInformer
January 27th, 2025 (5 months ago)
Description: Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)