Description: A "highly active" Chinese threat group is taking proverbial candy from babies, exploiting known bugs in exposed servers to steal data from organizations in sensitive sectors.
May 30th, 2025 (12 days ago)
|
CVE-2024-22643 |
Description: A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
EPSS Score: 0.12% SSVC Exploitation: none
May 30th, 2025 (12 days ago)
|
Description: Office National is an Australian network of independent office supply stores. It is located in a suburb of Sydney, NSW, Australia.
May 30th, 2025 (12 days ago)
|
Description: [AI generated] N/A
May 30th, 2025 (12 days ago)
|
Description: [AI generated] "Visco.de" is a German-based company specializing in contemporary multimedia and internet applications. Their services range from creating websites, shopping systems, catalog APPs, to digitalization and automation of business processes. With a team of competent programmers and designers, they provide individual solutions tailored to the specific needs of their customers. They also offer SEO services to increase their clients' online visibility.
May 30th, 2025 (12 days ago)
|
Description: [AI generated] N/A
May 30th, 2025 (12 days ago)
|
Description: [AI generated] Don Owen Tire Service, Inc. is a locally owned tire and automotive service provider based in Bloomington, Illinois. Founded in 1986, the company offers tire sales and services including alignment, rotation, and flat tire repair. Additionally, they provide comprehensive auto repair and maintenance services like brake repair, oil change, and battery replacement.
May 30th, 2025 (12 days ago)
|
Description: [AI generated] Founded in 1868, sfhumanesociety.org is associated with the San Francisco Society for the Prevention of Cruelty to Animals (SFSPCA). As one of the world's pioneer animal welfare organizations, its mission is to save and protect animals, provide care and treatment, advocate for their welfare, and enhance the human-animal bond. It offers services including animal adoption, veterinary care, and community education.
May 30th, 2025 (12 days ago)
|
Description: [AI generated] The Meeks Group is an Oklahoma-based company that specializes in providing various advertising services to businesses. Their service range includes graphic design, digital printing, exterior and interior signage, promotional items, and direct mail marketing. They aim to aid businesses in enhancing their brand visibility and reaching their target audience effectively.
May 30th, 2025 (12 days ago)
|
Description: CWE ID: CWE-532 (Insertion of Sensitive Information into Log File)
CVSS: 7.5 (High)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Component: Para Server Initialization Logging
Version: Para v1.50.6
File Path: para-1.50.6/para-server/src/main/java/com/erudika/para/server/utils/HealthUtils.java
Vulnerable Line(s): Line 132 (via logger.info(...) with root credentials)
Technical Details:
The vulnerability is located in the HealthUtils.java file, where a failed configuration file write triggers the following logging statement:
```java
logger.info("Initialized root app with access key '{}' and secret '{}', but could not write these to {}.",
        rootAppCredentials.get("accessKey"),
        rootAppCredentials.get("secretKey"),
        confFile);
```
This exposes both access and secret keys in logs without redaction. These credentials are later reused in variable assignments for persistence but do not require logging for debugging or system health purposes.
References
https://github.com/Erudika/para/security/advisories/GHSA-v75g-77vf-6jjq
https://github.com/Erudika/para/commit/1e8a89558542854bb0683ab234c4429ad93b0835
https://github.com/advisories/GHSA-v75g-77vf-6jjq
May 30th, 2025 (12 days ago)
|