CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Girls Do Porn Ringleader Pleads Guilty, Faces Life In Prison
Description: Michael Pratt led Girls Do Porn, a sex trafficking operation that targeted hundreds of young women with force, fraud and coercion.
Source: 404 Media
June 9th, 2025 (8 days ago)

CVE-2025-5888
jsnjfz WebStack-Guns cross-site request forgery
Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In jsnjfz WebStack-Guns 1.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.02%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-5887
jsnjfz WebStack-Guns File Upload UserMgrController.java cross site scripting
Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in jsnjfz WebStack-Guns 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei UserMgrController.java der Komponente File Upload. Mittels Manipulieren des Arguments File mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.1)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-49653
Exposure of sensitive Information allows account takeover
Description: Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

CVSS: HIGH (8.0)

EPSS Score: 0.05%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-49652
Improper access control allows arbitrary account creation
Description: Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-49651
Missing Authorization for Interactive Sessions
Description: Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-46041
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description...
Description: A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

CVSS: MEDIUM (5.4)

EPSS Score: 0.14%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-45001
react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext...
Description: react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2025-29627
An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module
Description: An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module

CVSS: MEDIUM (6.8)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (8 days ago)

CVE-2024-47081
Requests vulnerable to .netrc credentials leak via malicious URLs
Description: Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (8 days ago)