Threat and Vulnerability Intelligence Database

CVE-2024-40625

Description: GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files from a specified URL (with {method} equal to 'url') without restriction. This vulnerability is fixed in 2.26.0.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (10 days ago)

CVE-2024-3931

Description: A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 13.46, 14.38, 15.33, 16.27, 17.21 or 18.8 addresses this issue. It is recommended to upgrade the affected component.

CVSS: MEDIUM (5.1)

EPSS Score: 0.1%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (10 days ago)
Description: The bug is one of 66 disclosed and patched today by Microsoft as part of its June 2025 Patch Tuesday set of security vulnerability fixes.
Source: Dark Reading
June 10th, 2025 (10 days ago)
Description: Impact: The CIRCL implementation of FourQ fails to validate user-supplied low-order points during Diffie-Hellman key exchange, potentially allowing attackers to force the identity point and compromise session security. Moreover, incorrect point validation in ScalarMult can lead to incorrect results in the isEqual function and in the check of whether a point is on the curve. Patches: Version 1.6.1 (https://github.com/cloudflare/circl/tree/v1.6.1) mitigates the identified issues. We acknowledge Alon Livne (Botanica Software Labs) for the reported findings. References: https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm, https://github.com/cloudflare/circl/tree/v1.6.1, https://github.com/advisories/GHSA-2x5j-vhc8-9cwm
Source: Github Advisory Database (Go)
June 10th, 2025 (10 days ago)
Description: This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-33075.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: Zero Day Initiative Published Advisories
June 10th, 2025 (10 days ago)
Description: This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-32714.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: Zero Day Initiative Published Advisories
June 10th, 2025 (10 days ago)
Description: This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2025-30394.

CVSS: MEDIUM (5.9)

EPSS Score: 0.07%

Source: Zero Day Initiative Published Advisories
June 10th, 2025 (10 days ago)
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-43575.

CVSS: HIGH (7.8)

EPSS Score: 0.03%

Source: Zero Day Initiative Published Advisories
June 10th, 2025 (10 days ago)
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-43573.

CVSS: HIGH (7.8)

EPSS Score: 0.03%

Source: Zero Day Initiative Published Advisories
June 10th, 2025 (10 days ago)
Description: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-47112.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

Source: Zero Day Initiative Published Advisories
June 10th, 2025 (10 days ago)