CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested it be attributed to "oathnet.ru".
January 28th, 2025 (5 months ago)
|
|
|
Description: WordPress Plugin "Simple Image Sizes" provided by Rahe contains a cross-site scripting vulnerability.
January 28th, 2025 (5 months ago)
|
CVE-2025-24814 |
Description: Core creation allows users to replace "trusted" configset files with arbitrary configuration
Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "user-managed" mode), and (2) are running without authentication and authorization are vulnerable to a sort of privilege escalation wherein individual "trusted" configset files can be ignored in favor of potentially-untrusted replacements available elsewhere on the filesystem. These replacement config files are treated as "trusted" and can use "" tags to add to Solr's classpath, which an attacker might use to load malicious code as a searchComponent or other plugin.
This issue affects all Apache Solr versions up through Solr 9.7. Users can protect against the vulnerability by enabling authentication and authorization on their Solr clusters or switching to SolrCloud (and away from "FileSystemConfigSetService"). Users are also recommended to upgrade to Solr 9.8.0, which mitigates this issue by disabling use of "" tags by default.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24783 |
Description: ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon.
This issue affects Apache Cocoon: all versions.
When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to.
As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24177 |
Description: A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. A remote attacker may be able to cause a denial-of-service.
EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24176 |
Description: A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.
EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24174 |
Description: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to bypass Privacy preferences.
EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24169 |
Description: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication.
EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24166 |
Description: This issue was addressed through improved state management. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24163 |
Description: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|