CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: United States
June 9th, 2025 (5 days ago)
|
CVE-2025-5890 |
Description: A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. Es wurde eine Schwachstelle in actions toolkit 0.5.0 entdeckt. Sie wurde als problematisch eingestuft. Hiervon betroffen ist die Funktion globEscape der Datei toolkit/packages/glob/src/internal-pattern.ts der Komponente glob. Durch das Beeinflussen mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.
CVSS: MEDIUM (5.3) EPSS Score: 0.04% SSVC Exploitation: none
June 9th, 2025 (5 days ago)
|
|
CVE-2025-5889 |
Description: A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue. Eine problematische Schwachstelle wurde in juliangruber brace-expansion bis 1.1.11 ausgemacht. Davon betroffen ist die Funktion expand der Datei index.js. Durch Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.05% SSVC Exploitation: poc
June 9th, 2025 (5 days ago)
|
|
CVE-2024-24330 |
Description: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
EPSS Score: 1.17% SSVC Exploitation: poc
June 9th, 2025 (5 days ago)
|
|
CVE-2024-23327 |
Description: Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (7.5) EPSS Score: 0.14% SSVC Exploitation: none
June 9th, 2025 (5 days ago)
|
|
CVE-2024-22876 |
Description: StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.
EPSS Score: 0.18% SSVC Exploitation: none
June 9th, 2025 (5 days ago)
|
|
CVE-2024-22860 |
Description: Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.
EPSS Score: 1.86% SSVC Exploitation: none
June 9th, 2025 (5 days ago)
|
|
CVE-2024-22402 |
Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
Description: Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (5.4) EPSS Score: 0.24% SSVC Exploitation: none
June 9th, 2025 (5 days ago)
|
|
CVE-2024-0589 |
Description: Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.
EPSS Score: 0.37% SSVC Exploitation: none
June 9th, 2025 (5 days ago)
|
|
CVE-2024-0425 |
Description: A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444. In ForU CMS bis 2020-06-23 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/index.php?act=reset_admin_psw. Durch das Manipulieren mit unbekannten Daten kann eine weak password recovery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.13% SSVC Exploitation: poc
June 9th, 2025 (5 days ago)
|