CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-49653

Description: Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

CVSS: HIGH (8.0)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2025-49652

Description: Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2025-49651

Description: Missing Authorization in Lablup's BackendAI allows attackers to take over all active sessions, accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2025-46041

Description: A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2025-45001

Description: react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2025-29627

Description: An issue in KeeperChat iOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module.

CVSS: MEDIUM (6.8)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2024-47081

Description: Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (6 days ago)

CVE-2024-0542

Description: A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (8.8)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE
June 9th, 2025 (6 days ago)

Description: SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. [...]

Source: BleepingComputer
June 9th, 2025 (6 days ago)

Description: Alleged database sale SCP Spain

Source: DarkWebInformer
June 9th, 2025 (6 days ago)