CVE-2025-26394 |
Description: SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required.
CVSS: MEDIUM (4.8) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-25250 |
Description: An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL.
CVSS: LOW (3.9) EPSS Score: 0.03%
June 10th, 2025 (9 days ago)
|
CVE-2025-2474 |
Description: Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec.
CVSS: CRITICAL (9.8) EPSS Score: 0.17% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24471 |
Description: An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24069 |
Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24068 |
Description: Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-24065 |
Description: Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22463 |
Description: A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password.
CVSS: HIGH (7.3) EPSS Score: 0.03% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22455 |
Description: A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials.
CVSS: HIGH (8.8) EPSS Score: 0.04% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|
CVE-2025-22256 |
Description: An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to exploit improper access control via specially crafted HTTP requests.
CVSS: MEDIUM (6.0) EPSS Score: 0.02% SSVC Exploitation: none
June 10th, 2025 (9 days ago)
|