Threat and Vulnerability Intelligence Database

CVE-2023-35149

Description: A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

EPSS Score: 0.08%

Source: CVE
December 31st, 2024 (6 months ago)
Description: In what's being called a 'major cybersecurity incident,' Beijing-backed adversaries broke into cyber vendor BeyondTrust to access US Department of Treasury workstations and steal unclassified data, according to a letter sent to lawmakers.
Source: Dark Reading
December 30th, 2024 (6 months ago)
Description: Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. [...]
Source: BleepingComputer
December 30th, 2024 (6 months ago)
Description: EnergyWeaponUser and IntelBroker Claimed to have Leaked Data of IBookPark
Source: DarkWebInformer
December 30th, 2024 (6 months ago)
Description: Summary

An Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request.

Details

The vulnerability exists in the subscription endpoint at /api/subscription. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription.

Vulnerable code in /api/subscription:

    @subscription_router.patch("")
    @requires(["authenticated"])
    async def update_subscription(request: Request, email: str, operation: str):
        # IDOR: email parameter directly references user subscriptions without ownership verification
        customers = stripe.Customer.list(email=email).auto_paging_iter()
        customer = next(customers, None)
        if operation == "cancel":
            # Any authenticated user can modify any subscription referenced by email
            customer_id = customer.id
            for subscription in stripe.Subscription.list(customer=customer_id):
                stripe.Subscription.modify(subscription.id, cancel_at_period_end=True)

PoC

Create a customer account in Stripe: Customer A: [email protected] (attacker)
Log in as any user.
Send this request:

    PATCH /api/[email protected]&operation=cancel HTTP/1.1

The subscripti...
Source: Github Advisory Database (PIP)
December 30th, 2024 (6 months ago)
Description: Reflected XSS at /lgsl_files/lgsl_list.php

Vulnerability: A reflected XSS vulnerability exists in the Referer HTTP header of LGSL v6.2.1. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the Referer header, it is echoed back into an HTML attribute in the application's response.

The vulnerability is present at Line 20-24:

    $uri = $_SERVER['REQUEST_URI'];
    if ($lgsl_config['preloader']) {
        $uri = $_SERVER['HTTP_REFERER'];
    }

Proof of Concept:
Capture a request to the path /lgsl_files/lgsl_list.php.
Inject the following payload into the Referer header: test'><script>alert(1)</script><.
Send the request. The XSS payload is triggered when reloading.

Impact: Execution of Malicious Code

References
https://github.com/tltneon/lgsl/security/advisories/GHSA-ggwq-xc72-33r3
https://github.com/tltneon/lgsl/commit/7ecb839df9358d21f64cdbff5b2536af25a77de1
https://github.com/advisories/GHSA-ggwq-xc72-33r3
Source: Github Advisory Database (Composer)
December 30th, 2024 (6 months ago)

CVE-2024-54774

Description: Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create.

References
https://nvd.nist.gov/vuln/detail/CVE-2024-54774
https://github.com/taynes-llllzt/taynes/issues/4
https://github.com/advisories/GHSA-9q34-7hfr-h8jm

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
December 30th, 2024 (6 months ago)

CVE-2024-54775

Description: Dcat-Admin v2.2.0-beta and v2.2.2-beta contain a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions.

References
https://nvd.nist.gov/vuln/detail/CVE-2024-54775
https://github.com/taynes-llllzt/taynes/issues/5
https://github.com/advisories/GHSA-37x3-j9jq-vrjx

EPSS Score: 0.04%

Source: Github Advisory Database (Composer)
December 30th, 2024 (6 months ago)
Description: We consider as_slice and as_slice_mut unsound because a pointer with any bit pattern could be cast to a slice of an arbitrary type. The pointer could be created by the unsafe new and the deprecated from_parts. We consider that from_parts should be removed in the latest version because it helps trigger the unsoundness in as_slice. With new declared as unsafe, as_slice should also be declared as unsafe. This was patched by marking the two functions as unsafe.

References
https://github.com/betrusted-io/xous-core/issues/410
https://github.com/betrusted-io/xous-core/pull/411
https://rustsec.org/advisories/RUSTSEC-2024-0431.html
https://github.com/advisories/GHSA-gv7f-5qqh-vxfx
Source: Github Advisory Database (Rust)
December 30th, 2024 (6 months ago)
Description: This crate uses a number of cryptographic algorithms that are no longer considered secure, and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute-force and padding-oracle attacks and does not protect the integrity of the encrypted data. Key and IV are generated from user input using CRC64, which is not a key derivation function at all. MagicCrypt64, MagicCrypt128, MagicCrypt192, and MagicCrypt256 are all vulnerable to padding-oracle attacks. None of them protect the integrity of the ciphertext. Furthermore, none use password-based key derivation functions, even though the key is intended to be generated from a password. Each of the implementations is unsound in that it uses uninitialized memory without MaybeUninit or equivalent structures. For more information, visit the issue.

References
https://github.com/magiclen/rust-magiccrypt/issues/17
https://rustsec.org/advisories/RUSTSEC-2024-0430.html
https://github.com/advisories/GHSA-gmx7-gr5q-85w5
Source: Github Advisory Database (Rust)
December 30th, 2024 (6 months ago)