CVE-2025-5899 |
Description: A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. A critical vulnerability was discovered in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. This affects the function parse_variables_option of the file utilities/pspp-convert.c. Manipulation with unknown data can be used to exploit a free of memory not on the heap vulnerability. The attack must be carried out locally. The exploit is publicly available.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
June 9th, 2025 (7 days ago)
|
CVE-2025-30515 |
Description: CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CVSS: CRITICAL (9.8) EPSS Score: 0.08%
June 9th, 2025 (7 days ago)
|
CVE-2025-30507 |
Description: CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
June 9th, 2025 (7 days ago)
|
CVE-2025-30184 |
Description: CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
June 9th, 2025 (7 days ago)
|
CVE-2025-30183 |
Description: CyberData 011209 Intercom does not properly store or protect web server admin credentials.
CVSS: HIGH (7.5) EPSS Score: 0.04%
June 9th, 2025 (7 days ago)
|
CVE-2025-26468 |
Description: CyberData 011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption.
CVSS: HIGH (7.5) EPSS Score: 0.05%
June 9th, 2025 (7 days ago)
|
Description: The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. [...]
June 9th, 2025 (7 days ago)
|
CVE-2025-5898 |
Description: A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. A critical vulnerability was discovered in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It affects the function parse_variables_option of the file utilities/pspp-convert.c. Manipulation with unknown data can be used to exploit an out-of-bounds write vulnerability. The attack has to be carried out locally. The exploit is publicly available.
CVSS: MEDIUM (5.3) EPSS Score: 0.01%
June 9th, 2025 (7 days ago)
|
CVE-2025-49141 |
Description: HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later passes this input into `proc_open`, yielding OS command injection. An authenticated attacker can craft a URL string that bypasses the validation checks employed by the `filter_var` and `strpos` functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request. Version 11.0.3 contains a patch for the issue.
CVSS: HIGH (8.6) EPSS Score: 0.29%
June 9th, 2025 (7 days ago)
|
CVE-2025-49140 |
Description: Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic in a Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Users should upgrade to v0.1.39 or later, which validates that `padLen > 0 && padLen <= payloadLength` and returns an error on overflow, avoiding the panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.
CVSS: HIGH (7.5) EPSS Score: 0.06%
June 9th, 2025 (7 days ago)
|