CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-24255

Description: A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.

EPSS Score: 0.04%

SSVC Exploitation: poc

Source: CVE
May 8th, 2025 (about 2 months ago)

CVE-2024-24112

Description: xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.

EPSS Score: 80.26%

SSVC Exploitation: poc

Source: CVE
May 8th, 2025 (about 2 months ago)

Description: An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system. [...]
Source: BleepingComputer
May 8th, 2025 (about 2 months ago)

Description: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. [...]
Source: BleepingComputer
May 8th, 2025 (about 2 months ago)

🚨 Marked as known exploited on May 8th, 2025 (about 2 months ago).
Description: Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.
Source: Dark Reading
May 8th, 2025 (about 2 months ago)

Description: Autonomous system numbers are like the address book of the internet, and not every IP address belongs to a “friendly” address. Learn more about how the Huntress Hunt & Response teams utilize ASNs.
Source: Huntress Blog
May 8th, 2025 (about 2 months ago)

CVE-2024-25302

Description: Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter.

EPSS Score: 0.13%

SSVC Exploitation: poc

Source: CVE
May 8th, 2025 (about 2 months ago)

CVE-2024-22012

Description: There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 8th, 2025 (about 2 months ago)

Description: Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.
Source: Dark Reading
May 8th, 2025 (about 2 months ago)

Description: Canada
Source: Ransomware.live
May 8th, 2025 (about 2 months ago)