CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-1253
Byzoro Smart S40 Management Platform Import web.php unrestricted upload
Description: A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine kritische Schwachstelle wurde in Byzoro Smart S40 Management Platform bis 20240126 entdeckt. Dies betrifft einen unbekannten Teil der Datei /useratte/web.php der Komponente Import Handler. Durch die Manipulation des Arguments file_upload mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (4.7)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-1186
Munsoft Easy Archive Recovery Registration Key denial of service
Description: A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In Munsoft Easy Archive Recovery 2.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalität der Komponente Registration Key Handler. Mittels Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
June 10th, 2025 (11 days ago)

CVE-2024-0497
Campcodes Student Information System sql injection
Description: A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability. Es wurde eine kritische Schwachstelle in Campcodes Student Information System 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /classes/Users.php?f=save. Dank der Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
June 10th, 2025 (11 days ago)
Texas Dept. of Transportation breached, 300k crash records stolen
Description: The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database. [...]
Source: BleepingComputer
June 10th, 2025 (11 days ago)
Microsoft Outlook to block more risky attachments used in attacks
Description: Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. [...]
Source: BleepingComputer
June 10th, 2025 (11 days ago)
Windows 11 KB5060842 and KB5060999 cumulative updates released
Description: Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, including 66 flaws. [...]
Source: BleepingComputer
June 10th, 2025 (11 days ago)
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
🚨 Marked as known exploited on June 10th, 2025 (11 days ago).
Description: Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. [...]
Source: BleepingComputer
June 10th, 2025 (11 days ago)
Windows 10 KB5060533 cumulative update released with 7 changes, fixes
Description: Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing seconds back to the time shown in the Calendar flyout. [...]
Source: BleepingComputer
June 10th, 2025 (11 days ago)
Alleged Data Breach of Israeli Antiquities Authority
Description: Alleged Data Breach of Israeli Antiquities Authority
Source: DarkWebInformer
June 10th, 2025 (11 days ago)
Periodic Table of Cybersecurity
Description: Periodic Table of Cybersecurity
Source: DarkWebInformer
June 10th, 2025 (11 days ago)