Description: Israel-based spyware maker Paragon and Italy's government had a falling out over the company's offer to help investigate what happened on journalist Francesco Cancellato's phone.
June 9th, 2025 (8 days ago)
|
Description: A vulnerability allowed researchers to brute-force any Google account's recovery phone number simply by knowing their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. [...]
June 9th, 2025 (8 days ago)
|
Description: CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.
June 9th, 2025 (8 days ago)
|
Description: United States
June 9th, 2025 (8 days ago)
|
Description: United States
June 9th, 2025 (8 days ago)
|
CVE-2025-5890 |
Description: A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely.
CVSS: MEDIUM (4.3) EPSS Score: 0.04% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
CVE-2025-5889 |
Description: A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to apply a patch to fix this issue.
CVSS: LOW (3.1) EPSS Score: 0.05% SSVC Exploitation: poc
June 9th, 2025 (8 days ago)
|
CVE-2024-24330 |
Description: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.
CVSS: CRITICAL (9.8) EPSS Score: 1.17% SSVC Exploitation: poc
June 9th, 2025 (8 days ago)
|
CVE-2024-23327 |
Description: Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (7.5) EPSS Score: 0.14% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|
CVE-2024-22876 |
Description: StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross-Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL. The vulnerability can be used to coerce a victim account into performing specific actions on the application, such as helping an analyst become an administrator.
EPSS Score: 0.18% SSVC Exploitation: none
June 9th, 2025 (8 days ago)
|