Threat and Vulnerability Intelligence Database

Description: Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to talk to any GraphQL endpoint.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-57190
https://github.com/erxes/erxes/commit/4ed2ca797241d2ba0c9083feeadd9755c1310ce8
https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices
https://github.com/advisories/GHSA-7rhv-xm4q-wh42

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

Source: Github Advisory Database (NPM)
June 10th, 2025 (11 days ago)
Description: In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-57186
https://github.com/erxes/erxes/commit/d626070a0fcd435ae29e689aca051ccfb440c2f3
https://www.sonarsource.com/blog/micro-services-major-headaches-detecting-vulnerabilities-in-erxes-microservices
https://github.com/advisories/GHSA-rq9r-qvwg-829q

EPSS Score: 0.05%

Source: Github Advisory Database (NPM)
June 10th, 2025 (11 days ago)
Description:

Impact: OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder, from where they can then be downloaded. The primary risk lies in the potential exfiltration of secrets stored inside OctoPrint's config, or further system files. By removing important runtime files, this could also be used to impact the availability of the host. Given that the attacker requires a user account with file upload permissions, the actual impact of this should however hopefully be minimal in most cases.

Patches: The vulnerability has been patched in version 1.11.2.

Details: A specially crafted HTTP request to an affected upload endpoint, containing form inputs that are only supposed to be used internally, can be used to make OctoPrint move a file that it thinks is a freshly uploaded temporary one into its upload folder. The following endpoints in OctoPrint are affected:
  /api/files/{local|sdcard}
  /api/languages
  /plugin/backup/restore
  /plugin/pluginmanager/upload_file
Further upload endpoints in third-party plugins might be affected too. The fix removes any internal-only form inputs from incoming requests in the central file upload processor component.

Credits: This vulnerability was discovered and responsibly disclosed to OctoPrint by Jacopo Tediosi.

References:
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh...

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: Github Advisory Database (PIP)
June 10th, 2025 (11 days ago)
Description:

Impact: OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to send a manipulated, broken multipart/form-data request to OctoPrint and thereby make the web server component unresponsive. This could be used to effectively run a denial-of-service attack on the OctoPrint server.

Patches: The vulnerability has been patched in version 1.11.2.

Workaround: OctoPrint administrators are once more reminded not to make OctoPrint available on hostile networks (e.g. the internet), regardless of whether this vulnerability is patched or not.

Details: The issue can be triggered by a broken multipart/form-data request lacking an end boundary, sent to any of OctoPrint's endpoints implemented through the octoprint.server.util.tornado.UploadStorageFallbackHandler request handler. The request handler gets stuck in an endless busy loop, looking for a part of the request that will never come. As Tornado is single-threaded, that effectively blocks the whole web server. The fix adds detection of such invalid requests and ensures they are handled gracefully with an HTTP 400 Bad Request response.

Credits: This vulnerability was discovered and responsibly disclosed to OctoPrint by Jacopo Tediosi.

References:
https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-9wj4-8h85-pgrw
https://nvd.nist.gov/vuln/detail/CVE-2025-48879
https://github.com/OctoPrint/OctoPrint/commit/c9c35c17bd820f19c6b12e6c0359fc0cfdd0c1ec
https://...

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: Github Advisory Database (PIP)
June 10th, 2025 (11 days ago)
Description:

Impact: All users of Nautobot versions prior to 2.4.10 or prior to 1.6.32 are potentially affected. Due to insufficient security configuration of the Jinja2 templating feature used in computed fields, custom links, etc. in Nautobot:
  A malicious user could configure this feature set in ways that could expose the value of Secrets defined in Nautobot when the templated content is rendered.
  A malicious user could configure this feature set in ways that could call Python APIs to modify data within Nautobot when the templated content is rendered, bypassing the object permissions assigned to the viewing user.

Patches: Nautobot versions 1.6.32 and 2.4.10 will include fixes for the vulnerability.

Workarounds: The vulnerability can be partially mitigated by configuring object permissions appropriately to limit the following actions to only trusted users:
  extras.add_secret
  extras.change_secret
  extras.view_secret
  extras.add_computedfield
  extras.change_computedfield
  extras.add_customlink
  extras.change_customlink
  extras.add_jobbutton
  extras.change_jobbutton

References:
https://jinja.palletsprojects.com/en/stable/sandbox/
https://docs.djangoproject.com/en/4.2/ref/templates/api/#alters-data-description
https://github.com/nautobot/nautobot/p...

CVSS: MEDIUM (6.0)

EPSS Score: 0.04%

Source: Github Advisory Database (PIP)
June 10th, 2025 (11 days ago)
Description:

Impact: Files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by anonymous users who know or can guess the correct URL for a given file. For DeviceType image attachments, a mitigating factor is that no URL endpoint exists for listing the contents of the devicetype-images/ subdirectory, and the file names are as specified by the uploading user, so any given DeviceType image attachment can only be retrieved by correctly guessing its file name. Similarly, for all other image attachments, while the images can be listed by accessing the /api/extras/image-attachments/ endpoint as an authenticated user, absent that authenticated access, retrieving the files would again require guessing file names correctly.

Patches: Nautobot v2.4.10 and v1.6.32 will address this issue by adding enforcement of Nautobot user authentication to this endpoint.

Workarounds: No workaround other than applying the patch given in https://github.com/nautobot/nautobot/pull/6672 (2.x) or https://github.com/nautobot/nautobot/pull/6703 (1.6).

References:
https://github.com/nautobot/nautobot/commit/9c892dc300429948a4714f743c9c2879d8987340
https://github.com/nautobot/nautobot/commit/d99a53b065129cff3a0fa9abe7355a9ef1ad4c95
Referen...

CVSS: MEDIUM (6.3)

EPSS Score: 0.08%

Source: Github Advisory Database (PIP)
June 10th, 2025 (11 days ago)
Description: The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.
Source: Dark Reading
June 10th, 2025 (11 days ago)
Description: Check Point attributed the attack to a group known as Stealth Falcon — a hacking group with longstanding ties to the UAE that has been implicated in dozens of spyware cases and hacking incidents involving governments across the Middle East and Africa.
Source: The Record
June 10th, 2025 (11 days ago)
Description:

Summary: matrix-sdk-crypto since version 0.8.0 up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although the CVSS score is 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N), we consider this a High Severity security issue.

Details: The Matrix specification requires that clients ensure that "the event’s sender, room_id, and the recorded session_id match a trusted session". The vulnerable matrix-sdk-crypto versions check that the room_id matches that of the session denoted by session_id, but do not check the sender.

Patches: The issue is resolved by 13c1d20, included in versions 0.11.1 and 0.12.0 of matrix-sdk-crypto.

Workarounds: Since a successful attack requires administrator access to the homeserver, users who trust the administrators of their local homeserver are not affected.

References:
https://spec.matrix.org/v1.14/client-server-api/#mmegolmv1aes-sha2
https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-x958-rvg6-956w
https://nvd.nist.gov/vuln/detail/CVE-2025-48937
https://github.com/matrix-org/matrix-rust-sdk/commit/13c1d2048286bbabf5e7bc6b015aafee98f04d55
https://github.com/matrix-org/matrix-rust-sdk/commit/56980745b4f27f7dc72ac296e6aa003e5d92a75b
https://github.com/advisories/GHSA-x958-rvg6-95...

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: Github Advisory Database (Rust)
June 10th, 2025 (11 days ago)
Description: Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. [...]

CVSS: HIGH (8.2)

EPSS Score: 0.02%

Source: BleepingComputer
June 10th, 2025 (11 days ago)