Description: The FBI warned that cybercriminals are using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April. [...]
May 15th, 2025 (about 1 month ago)
|
[org.apache.iotdb:iotdb-jdbc] Apache IoTDB JDBC Driver Discloses Sensitive Information via Log Files
Description: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver.
This issue affects iotdb-jdbc: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.
Users are recommended to upgrade to version 2.0.2 and 1.3.4, which fix the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26795
https://lists.apache.org/thread/bj0ytxr5wg0c4jw8xm7rhfd8ogho0r91
http://www.openwall.com/lists/oss-security/2025/05/14/3
https://github.com/advisories/GHSA-gp98-hfvm-2r4x
EPSS Score: 0.04%
May 15th, 2025 (about 1 month ago)
|
Description: His remarks echo recent comments Commissioner Melissa Holyoak made in her personal capacity during a speech at a privacy conference, but are a more significant indicator of the agency’s new position on the issue given that he was speaking to lawmakers on behalf of the agency.
May 15th, 2025 (about 1 month ago)
|
Description: As gaming on Linux becomes more popular, Denuvo’s “activations” limit will become a bigger problem.
May 15th, 2025 (about 1 month ago)
|
Description: Dave Luber, a 38-year NSA veteran, is taking advantage of the early retirement option being offered by the agency as it aims to shed 8 percent of its civilian staff.
May 15th, 2025 (about 1 month ago)
|
CVE-2025-46399 |
Description: In the xfig diagramming tool, a segmentation fault in fig2dev allows memory corruption via local input manipulation at the genge_itp_spline function.
EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
Description: Summary
A user on the website can modify any private field on their own state.
Details
An event meant to modify client-side storage had access to modify any field on the state for the given user. This includes non-client-side fields and, most importantly, private fields. This still requires the actor to guess the names of the private fields.
Impact
If one of the States in your app can be modified to allow the user into a different role or a different user, this allows the actor to act as someone else or as admin.
References
https://github.com/reflex-dev/reflex/security/advisories/GHSA-rf8x-9mhr-49wg
https://github.com/reflex-dev/reflex/commit/cf8f5dbcbdd996f3478a7be660993f9c760ede36
https://github.com/advisories/GHSA-rf8x-9mhr-49wg
May 15th, 2025 (about 1 month ago)
|
Description: Austrian privacy non-profit noyb (none of your business) has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to use users' data for training its artificial intelligence (AI) models without an explicit opt-in.
The move comes weeks after the social media behemoth announced its plans to train its AI models
May 15th, 2025 (about 1 month ago)
|
Description: Several soundness issues have been reported. Resolving them doesn't seem to be considered a priority. In particular, unprincipled use of mutable statics is pervasive throughout the library, making it possible to cause use-after-free in safe code.
Currently, no fixed version is available.
References
https://github.com/not-fl3/macroquad/issues/333
https://github.com/not-fl3/macroquad/issues/634
https://github.com/not-fl3/macroquad/issues/723
https://github.com/not-fl3/macroquad/issues/746
https://rustsec.org/advisories/RUSTSEC-2025-0035.html
https://github.com/advisories/GHSA-gg76-hg3v-5q6c
May 15th, 2025 (about 1 month ago)
|