CVE-2024-24001 |
Description: jshERP v3.3 is vulnerable to SQL injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP, which allows an attacker to construct a malicious payload to bypass jshERP's protection mechanism.
EPSS Score: 0.04% SSVC Exploitation: poc
May 15th, 2025 (about 1 month ago)
|
CVE-2024-23756 |
Description: The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
EPSS Score: 0.22% SSVC Exploitation: poc
May 15th, 2025 (about 1 month ago)
|
CVE-2024-23749 |
Description: KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable, which occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.
EPSS Score: 0.19% SSVC Exploitation: poc
May 15th, 2025 (about 1 month ago)
|
CVE-2024-23660 |
🚨 Marked as known exploited on May 15th, 2025 (about 1 month ago).
Description: The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.
EPSS Score: 0.16% SSVC Exploitation: poc
May 15th, 2025 (about 1 month ago)
|
Description: Multiple Corporate RDWeb Access Listings Offered for Sale
May 15th, 2025 (about 1 month ago)
|
Description: ITinSell Falls Victim to Qilin Ransomware Group
May 15th, 2025 (about 1 month ago)
|
Description: Fraudsters worldwide apply for money from the US government using stolen and forged identities, making off with hundreds of billions of dollars annually.
May 15th, 2025 (about 1 month ago)
|
Description: The shirts will be returned to China or will be “destroyed under CBP supervision.”
May 15th, 2025 (about 1 month ago)
|
Description: Hackers are running a worldwide cyberespionage campaign dubbed 'RoundPress,' leveraging zero-day and n-day flaws in webmail servers to steal email from high-value government organizations. [...]
May 15th, 2025 (about 1 month ago)
|
Description: In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime.
May 15th, 2025 (about 1 month ago)
|