Description: Langer & Langer GbR is a company that operates in the Retail industry. It employs 10 to 19 people and ha…
May 6th, 2025 (about 2 months ago)
|
CVE-2025-45250 |
Description: MrDoc v0.95 and before is vulnerable to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file.
EPSS Score: 0.02%
May 6th, 2025 (about 2 months ago)
|
CVE-2025-26262 |
Description: An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename.
EPSS Score: 0.06%
May 6th, 2025 (about 2 months ago)
|
Description: Last week, ProjectDiscovery took home the title of Most Innovative Startup at the 2025 RSA Innovation Sandbox, the biggest stage in the world for security innovation. While much of this year’s buzz centered on securing AI, our win was a powerful signal: even as new frontiers emerge, foundational problems like vulnerability management remain unsolved. Security leaders are still spending millions on tools that generate noise instead of insight, and the industry is ready for a better way.
Our COO,
May 6th, 2025 (about 2 months ago)
|
Description: Summary
Due to a validation error in got.scpaping, it is possible to use an HTTP redirect to avoid IP filtering.
Details
In got.scpaping, Summaly first makes an HTTP HEAD request to the page being summarized. It then performs private IP address checks on the HEAD response, then makes an additional HTTP GET request to the page being summarized. Unfortunately, since private IP address checks aren't performed on the GET response, the GET response can issue an HTTP redirect to a private IP address, which will succeed regardless of whether private IP addresses are allowed by Summaly.
PoC
With a simple Caddy webserver, you can get Summaly to summarize a page hosted via a local IP address:
```
@summaly-bypass-head {
    method HEAD
    path /summaly-bypass
}
@summaly-bypass-get {
    method GET
    path /summaly-bypass
}
header @summaly-bypass-head Content-Type "text/html"
respond @summaly-bypass-head 200
redir @summaly-bypass-get http://127.0.0.1:3080/
```
Impact
Using this bypass, an attacker can probe a victim's internal network for HTTP services that aren't supposed to be exposed to the outside world. While they might only have read-only access through this, it may still be possible to extract sensitive information or be used to probe a network prior to attacking via other exploits without leaving a trace.
References
https://github.com/misskey-dev/summaly/security/advisories/GHSA-jqx4-9gpq-rppm
https://github.com/misskey-dev/summaly/commit/dfe6451012aac42eabe71d4ed721d8058c4066b4
https://...
May 6th, 2025 (about 2 months ago)
|
Description: Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...]
May 6th, 2025 (about 2 months ago)
|
Description: Affected Environments
Note that this issue only affects the V0 engine, which has been off by default since v0.8.0. Further, the issue only applies to a deployment using tensor parallelism across multiple hosts, which we do not expect to be a common deployment pattern.
Since V0 has been off by default since v0.8.0 and the fix is fairly invasive, we have decided not to fix this issue. Instead we recommend that users ensure their environment is on a secure network in case this pattern is in use.
The V1 engine is not affected by this issue.
Impact
In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host.
https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L295-L301
When data is received on this SUB socket, it is deserialized with pickle. This is unsafe, as it can be abused to execute code on a remote machine.
https://github.com/vllm-project/vllm/blob/c21b99b91241409c2fdf9f3f8c542e8748b317be/vllm/distributed/device_communicators/shm_broadcast.py#L468-L470
Since the vulnerability exists in a client that connects to the primary vLLM host, this vulnerability serves as an escalation point. If the primary vLLM host is compromised, this vulnerability could be used to compromise the rest of the hosts in the vLLM deployment.
Attackers coul...
May 6th, 2025 (about 2 months ago)
|
Description: Impact
Based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists.
Patches
Patched in 10.8.10 and 13.8.1.
Workarounds
None available.
References
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-4g8m-5mj5-c8xg
https://github.com/umbraco/Umbraco-CMS/commit/14fbd20665b453cbf094ccf4575b79a9fba07e03
https://github.com/umbraco/Umbraco-CMS/commit/34709be6cce9752dfa767dffbf551305f48839bc
https://github.com/advisories/GHSA-4g8m-5mj5-c8xg
May 6th, 2025 (about 2 months ago)
|
Description: Impact:
A security issue has been found in terraform-provider-windns before version 1.0.5. The windns_record resource did not sanitize the input variables. This can lead to authenticated command injection in the underlying PowerShell command prompt.
Patches:
83ef736 (fix: better input validation)
Fixed versions:
v1.0.5
References
https://github.com/nrkno/terraform-provider-windns/security/advisories/GHSA-4vgf-2cm4-mp7c
https://github.com/nrkno/terraform-provider-windns/commit/c76f69610c1b502f90aaed8c4f102194530b5bce
https://github.com/advisories/GHSA-4vgf-2cm4-mp7c
May 6th, 2025 (about 2 months ago)
|
Description: Summary
It seems that when running goshs without arguments it is possible for anyone to execute commands on the server. This was tested on version 1.0.4 of goshs. The command function was introduced in version 0.3.4.
Details
It seems that the function dispatchReadPump does not check the option cli -c, thus allowing anyone to execute arbitrary commands through the use of websockets.
PoC
Used websocat for the POC:
```
echo -e '{"type": "command", "content": "id"}' |./websocat 'ws://192.168.1.11:8000/?ws' -t
```
Impact
The vulnerability only impacts goshs servers on vulnerable versions.
References
https://github.com/patrickhener/goshs/security/advisories/GHSA-rwj2-w85g-5cmm
https://github.com/patrickhener/goshs/commit/160220974576afe5111485b8d12fd36058984cfa
https://github.com/advisories/GHSA-rwj2-w85g-5cmm
May 6th, 2025 (about 2 months ago)
|