Description: A critical security flaw in ASUS DriverHub, a utility pre-installed on many ASUS motherboards, can be exploited to achieve remote code execution (RCE) with administrative privileges. ASUS has addressed the issue in a recent update, but the vulnerability window has been open for an indeterminate period, while manual action from impacted users is required to …
The post Critical Flaw in ASUS DriverHub Exposes Users to Remote Code Execution appeared first on CyberInsider.
May 12th, 2025 (about 2 months ago)
Description: Reflected Cross-Site Scripting (XSS) in AbanteCart
Mon, 05/12/2025 - 09:58
Advisory
Affected Resources
AbanteCart v1.4.0.
Description
INCIBE has coordinated the publication of 2 medium severity vulnerabilities affecting AbanteCart, an eCommerce platform. These vulnerabilities have been discovered by 6h4ack. These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector and CWE vulnerability type:
CVE-2025-40626 and CVE-2025-40627: CVSS v4.0: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Identifier
INCIBE-2025-0229
3 - Medium
Solution
Update to the latest version, 1.4.1.
Detail
AbanteCart has two Reflected Cross-Site Scripting (XSS) vulnerabilities that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. These vulnerabilities can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. For each vulnerability, the malicious URLs are:
CVE-2025-40626: "/about_us?[CARGA_XSS]"
CVE-2025-40627: "/eyes?[CARGA_XSS]"
References list
AbanteCart
Etiq...
EPSS Score: 0.06%
May 12th, 2025 (about 2 months ago)
Description: Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile.
"Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,"
May 12th, 2025 (about 2 months ago)
CVE-2025-3597
Description: The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary JavaScript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free version too, making it theoretically exploitable there as well.
EPSS Score: 0.03%
May 12th, 2025 (about 2 months ago)
Description: Ricoh laser printers and MFPs (multifunction printers) which implement Web Image Monitor contain a reflected cross-site scripting vulnerability.
May 12th, 2025 (about 2 months ago)
Description: [AI generated] Morrice Transportation is a well-established logistics and transportation company based in Windsor, Ontario, Canada. The company provides ground freight transportation services across North America. They offer a range of services including cross-border shipping, expedited service, and hazardous materials hauling. Morrice Transport utilizes a fleet of over 300 pieces of equipment to deliver solutions for transport challenges.
May 11th, 2025 (about 2 months ago)
Description: [AI generated] "Gewandhaus.bayern" is a company based in Munich, Germany, specializing in the provision of high-end designer fashion and accessories. They offer a wide range of products from renowned luxury designers globally. Aside from physical shopping, the company also offers online services. The company promises authenticity in all its products while providing exclusive shopping experience to customers.
May 11th, 2025 (about 2 months ago)