CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	ZDI-25-334: Microsoft Windows Remote Desktop Gateway Service Null Pointer Dereference Denial-of-Service Vulnerability Description: This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2025-30394. CVSS: MEDIUM (5.9) EPSS Score: 0.07% Source: Zero Day Initiative Published Advisories June 10th, 2025 (11 days ago)
	ZDI-25-335: Adobe Acrobat Reader DC Doc Object Out-Of-Bounds Write Remote Code Execution Vulnerability Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-43575. CVSS: HIGH (7.8) EPSS Score: 0.03% Source: Zero Day Initiative Published Advisories June 10th, 2025 (11 days ago)
	ZDI-25-336: Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-43573. CVSS: HIGH (7.8) EPSS Score: 0.03% Source: Zero Day Initiative Published Advisories June 10th, 2025 (11 days ago)
	ZDI-25-337: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability Description: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2025-47112. CVSS: MEDIUM (5.5) EPSS Score: 0.02% Source: Zero Day Initiative Published Advisories June 10th, 2025 (11 days ago)
	ZDI-25-338: Adobe Acrobat Reader DC Collab Object Use-After-Free Remote Code Execution Vulnerability Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-43574. CVSS: HIGH (7.8) EPSS Score: 0.03% Source: Zero Day Initiative Published Advisories June 10th, 2025 (11 days ago)
	ZDI-25-339: JupyterLab Uncontrolled Search Path Element Local Privilege Escalation Vulnerability Description: This vulnerability allows local attackers to escalate privileges on affected installations of JupyterLab. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Additionally, the vulnerability is triggered only when a target user makes use of the product. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-30167. CVSS: HIGH (7.3) EPSS Score: 0.01% Source: Zero Day Initiative Published Advisories June 10th, 2025 (11 days ago)
	DanaBot malware operators exposed via C2 bug added in 2022 Description: A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. [...] Source: BleepingComputer June 10th, 2025 (11 days ago)
CVE-2024-38813	Privilege escalation vulnerability 🚨 Marked as known exploited on June 10th, 2025 (11 days ago). Description: The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. CVSS: HIGH (7.5) EPSS Score: 14.58% SSVC Exploitation: active Source: CVE June 10th, 2025 (11 days ago)
	ConnectWise rotating code signing certificates over security concerns Description: ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. [...] Source: BleepingComputer June 10th, 2025 (11 days ago)
	[erxes] Erxes Path Traversal vulnerability Description: In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. References https://nvd.nist.gov/vuln/detail/CVE-2024-57189 https://github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3 https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices https://github.com/advisories/GHSA-2977-5php-6789 EPSS Score: 0.03% Source: Github Advisory Database (NPM) June 10th, 2025 (11 days ago)