June 9th, 2025 (3 days ago)
|
Description: Why ‘thinking big’ is required to shift the dynamics of the technology market.
June 9th, 2025 (3 days ago)
|
Description: OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.
"The [Russian-speaking] actor used our models to assist with developing and refining
June 9th, 2025 (3 days ago)
|
CVE-2025-5893 |
Description: Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
June 9th, 2025 (3 days ago)
|
CVE-2025-5866 |
Description: A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
CVSS: HIGH (8.0) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-5865 |
Description: A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor explains that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."
CVSS: HIGH (8.0) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-25209 |
Description: The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets; however, it assumes those secrets are already in the kuadrant-system namespace instead of copying them to the referred namespace. This allows a malicious actor with developer persona access to leak those secrets over an HTTP connection, as long as the attacker knows the name of the targeted secrets and those secrets are limited to one line only.
EPSS Score: 0.02%
June 9th, 2025 (3 days ago)
|
CVE-2025-25208 |
Description: A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster.
EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-25207 |
Description: The Authorino service in Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks to HTTP endpoints that are executed once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino, and because the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while it processes the post-authorization callbacks.
CVSS: MEDIUM (5.7) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-5864 |
Description: A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.7.15 is able to address this issue. It is recommended to upgrade the affected component.
CVSS: LOW (3.7) EPSS Score: 0.08%
June 9th, 2025 (3 days ago)
|