CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	FortiWeb vulnerable to SQL injection Description: FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability. Source: Japan Vulnerability Notes (JVN) January 21st, 2025 (5 months ago)
CVE-2025-21655	io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period Description: In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctly defer it another RCU grace period. EPSS Score: 0.05% Source: CVE January 21st, 2025 (5 months ago)
CVE-2025-0590	Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. Description: Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. EPSS Score: 0.04% Source: CVE January 21st, 2025 (5 months ago)
CVE-2024-53103	hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer Description: In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. EPSS Score: 0.04% Source: CVE January 21st, 2025 (5 months ago)
CVE-2024-5042	Submariner-operator: rbac permissions can allow for the spread of node compromises Description: A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. EPSS Score: 0.05% Source: CVE January 21st, 2025 (5 months ago)
CVE-2024-13454	Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created... Description: Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3 EPSS Score: 0.04% Source: CVE January 21st, 2025 (5 months ago)
	Daily Dose of Dark Web Informer - January 20th, 2025 Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts. Source: DarkWebInformer January 20th, 2025 (5 months ago)
	A Threat Actor Claims to have Leaked Unidentified B2B Companies in the Czech Republic Description: A Threat Actor Claims to have Leaked Unidentified B2B Companies in the Czech Republic Source: DarkWebInformer January 20th, 2025 (5 months ago)
	How NAT Works Description: How NAT Works Source: DarkWebInformer January 20th, 2025 (5 months ago)
	Microsoft: Exchange 2016 and 2019 reach end of support in October Description: Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. [...] Source: BleepingComputer January 20th, 2025 (5 months ago)