Description: Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. [...]
June 2nd, 2025 (11 days ago)
|
Description: The sites were used for more than a decade by cybercriminals who wanted to test malware against security tools.
June 2nd, 2025 (11 days ago)
|
Description: Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...]
June 2nd, 2025 (11 days ago)
|
CVE-2025-45542 |
Description: SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
EPSS Score: 0.17% SSVC Exploitation: poc
June 2nd, 2025 (11 days ago)
|
CVE-2025-44172 |
Description: Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
EPSS Score: 0.03%
June 2nd, 2025 (11 days ago)
|
CVE-2025-44115 |
Description: A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
EPSS Score: 0.03%
June 2nd, 2025 (11 days ago)
|
CVE-2024-23525 |
Description: The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.
EPSS Score: 0.16% SSVC Exploitation: poc
June 2nd, 2025 (11 days ago)
|
CVE-2024-22877 |
Description: StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.
EPSS Score: 0.19% SSVC Exploitation: none
June 2nd, 2025 (11 days ago)
|
CVE-2024-22819 |
Description: FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.
EPSS Score: 0.09% SSVC Exploitation: poc
June 2nd, 2025 (11 days ago)
|
CVE-2024-22628 |
Description: Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=
EPSS Score: 0.14% SSVC Exploitation: poc
June 2nd, 2025 (11 days ago)
|