Threat and Vulnerability Intelligence Database

Description: Alleged sale of unauthorized admin access to three Romanian online shops
Source: DarkWebInformer
May 29th, 2025 (12 days ago)

Description: Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero. "CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on the victim's system," Cisco Talos researcher Chetan
Source: TheHackerNews
May 29th, 2025 (12 days ago)

Description: Funnull Technology supports “hundreds of thousands of websites” dedicated to the scams, otherwise known as pig butchering, according to the sanctions announcement by the Treasury Department’s Office of Foreign Assets Control.
Source: The Record
May 29th, 2025 (12 days ago)

CVE-2025-45474

Description: maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)

CVE-2024-24945

Description: A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)

CVE-2024-24331

Description: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.

EPSS Score: 1.17%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)

CVE-2024-24327

Description: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.

EPSS Score: 1.08%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)

CVE-2024-24140

Description: Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'

EPSS Score: 2.1%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)

CVE-2024-24061

Description: springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)

CVE-2024-23739

Description: An issue in Discord for macOS version 0.0.291 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.

EPSS Score: 24.74%

SSVC Exploitation: poc

Source: CVE
May 29th, 2025 (12 days ago)