CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-44831	EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. Description: EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. EPSS Score: 0.04% Source: CVE May 13th, 2025 (about 1 month ago)
CVE-2025-28055	upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit Description: upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file read vulnerabilit EPSS Score: 0.06% Source: CVE May 13th, 2025 (about 1 month ago)
CVE-2024-56526	An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty... Description: An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error. EPSS Score: 0.04% Source: CVE May 13th, 2025 (about 1 month ago)
	Alleged Date for Sale of Chocolates Helena Description: Alleged Date for Sale of Chocolates Helena Source: DarkWebInformer May 13th, 2025 (about 1 month ago)
	Ivanti warns of critical Neurons for ITSM auth bypass flaw Description: Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability. [...] Source: BleepingComputer May 13th, 2025 (about 1 month ago)
	South Korean researchers uncover another cyber-espionage campaign from the North Description: A group tracked as APT37 or ScarCruft is once again phishing South Korean organizations with national security interests, according to analysts at cybersecurity firm Genians. Source: The Record May 13th, 2025 (about 1 month ago)
	Alleged Sale of Hong Kong Return Permit Records Description: Alleged Sale of Hong Kong Return Permit Records Source: DarkWebInformer May 13th, 2025 (about 1 month ago)
	Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads Description: Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761 times. It was first Source: TheHackerNews May 13th, 2025 (about 1 month ago)
CVE-2024-8418	Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service Description: A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing out. This issue prevents legitimate users from accessing DNS services, thereby disrupting normal operations and causing service downtime. EPSS Score: 0.49% SSVC Exploitation: none Source: CVE May 13th, 2025 (about 1 month ago)
	Alleged Sale to Unidentified $8 Billion Insurance Company in USA Description: Alleged Sale to Unidentified $8 Billion Insurance Company in USA Source: DarkWebInformer May 13th, 2025 (about 1 month ago)