CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5866 |
Description: A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. Es wurde eine Schwachstelle in RT-Thread 5.1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft die Funktion sys_sigprocmask der Datei rt-thread/components/lwp/lwp_syscall.c. Mittels Manipulieren des Arguments how mit unbekannten Daten kann eine improper validation of array index-Schwachstelle ausgenutzt werden.
CVSS: HIGH (8.0) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-5865 |
Description: A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory." Eine kritische Schwachstelle wurde in RT-Thread 5.1.0 ausgemacht. Hierbei geht es um die Funktion sys_select der Datei rt-thread/components/lwp/lwp_syscall.c der Komponente Parameter Handler. Mittels dem Manipulieren des Arguments timeout mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden.
CVSS: HIGH (8.0) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-25209 |
Description: The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referred namespace. This creates space for a malicious actor with a developer persona access to leak those secrets over HTTP connection, as long the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
EPSS Score: 0.02%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-25208 |
Description: A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-25207 |
Description: The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
CVSS: MEDIUM (5.7) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-5864 |
Description: A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component. In Tenda TDSEE App bis 1.7.12 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /app/ConfirmSmsCode der Komponente Password Reset Confirmation Code Handler. Durch Manipulation mit unbekannten Daten kann eine improper restriction of excessive authentication attempts-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 1.7.15 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: LOW (3.7) EPSS Score: 0.08%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-5863 |
Description: A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in Tenda AC5 15.03.06.47 ausgemacht. Es geht dabei um die Funktion formSetRebootTimer der Datei /goform/SetRebootTimer. Durch die Manipulation des Arguments rebootTime mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.12%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-5862 |
Description: A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in Tenda AC7 15.03.06.44 gefunden. Es geht hierbei um die Funktion formSetPPTPUserList der Datei /goform/setPptpUserList. Mit der Manipulation des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.09%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-47712 |
Description: A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
EPSS Score: 0.04%
June 9th, 2025 (3 days ago)
|
|
CVE-2025-47711 |
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
Description: There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
EPSS Score: 0.04%
June 9th, 2025 (3 days ago)
|