Threat and Vulnerability Intelligence Database

CVE-2025-42977

Description: SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity.

CVSS: HIGH (7.6)

EPSS Score: 0.17%

Source: CVE
June 10th, 2025 (4 days ago)

CVE-2025-31325

Description: Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.

CVSS: MEDIUM (5.8)

EPSS Score: 0.06%

Source: CVE
June 10th, 2025 (4 days ago)

CVE-2025-23192

Description: SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser, enabling the attacker to potentially access sensitive session information and to modify browser information or make it unavailable. This leads to a high impact on confidentiality and a low impact on integrity and availability.

CVSS: HIGH (8.2)

EPSS Score: 0.09%

Source: CVE
June 10th, 2025 (4 days ago)

Description: Posted by josephgoyd via Fulldisclosure on Jun 09

Hello Full Disclosure,

This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Despite responsible disclosure, the research was suppressed by the vendor. Apple issued a silent fix in iOS 18.4.1 (April 2025) without public...

CVSS: HIGH (7.5)

Source: Full Disclosure Mailinglist
June 10th, 2025 (4 days ago)
Description: Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09

SEC Consult Vulnerability Lab Security Advisory < 20250604-0 >
title: Local Privilege Escalation and Default Credentials
product: INDAMED - MEDICAL OFFICE (Medical practice management) Demo version
vulnerable version: Revision 18544 (II/2024)
fixed version: Q2/2025 (Privilege Escalation, Default Password)...
Source: Full Disclosure Mailinglist
June 10th, 2025 (4 days ago)

CVE-2025-5903

Description: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
June 10th, 2025 (4 days ago)

CVE-2025-5902

Description: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.8)

EPSS Score: 0.08%

Source: CVE
June 10th, 2025 (4 days ago)

CVE-2025-0037

Description: In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.

CVSS: MEDIUM (6.6)

EPSS Score: 0.02%

Source: CVE
June 10th, 2025 (4 days ago)
Description: A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 addresses this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-5896
https://github.com/NervJS/taro/pull/17619
https://github.com/NervJS/taro/commit/c2e321a8b6fc873427c466c69f41ed0b5e8814bf
https://github.com/NervJS/taro/releases/tag/v4.1.2
https://vuldb.com/?ctiid.311668
https://vuldb.com/?id.311668
https://vuldb.com/?submit.585796
https://github.com/advisories/GHSA-f5xg-cfpj-2mw6

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: Github Advisory Database (NPM)
June 10th, 2025 (4 days ago)
Description: A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-5897
https://github.com/vuejs/vue-cli/pull/7478
https://vuldb.com/?ctiid.311669
https://vuldb.com/?id.311669
https://vuldb.com/?submit.585798
https://github.com/advisories/GHSA-79vf-hf9f-j9q8

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: Github Advisory Database (NPM)
June 10th, 2025 (4 days ago)