Threat and Vulnerability Intelligence Database

CVE-2025-5900

Description: A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.02%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-5899

Description: A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.01%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-30515

Description: CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-30507

Description: CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-30184

Description: CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-30183

Description: CyberData 011209 Intercom does not properly store or protect web server admin credentials.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-26468

Description: CyberData 011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (5 days ago)

Description: The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. [...]

Source: BleepingComputer
June 9th, 2025 (5 days ago)

CVE-2025-5898

Description: A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.01%

Source: CVE
June 9th, 2025 (5 days ago)

CVE-2025-49141

Description: HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later passes this input into `proc_open`, yielding OS command injection. An authenticated attacker can craft a URL string that bypasses the validation checks employed by the `filter_var` and `strpos` functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request. Version 11.0.3 contains a patch for the issue.

CVSS: HIGH (8.6)

EPSS Score: 0.22%

Source: CVE
June 9th, 2025 (5 days ago)