Description: A new website and API called AI.gov is set to launch on the Fourth of July.
June 10th, 2025 (12 days ago)
|
Description: Air traffic control (ATC) audio unearthed by an aviation tracking enthusiast then reviewed by 404 Media shows two Predator drones leaving, and heading towards, Los Angeles.
June 10th, 2025 (12 days ago)
|
CVE-2025-5484 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.8
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: SinoTrack
Equipment: All Known SinoTrack Devices
Vulnerabilities: Weak Authentication, Observable Response Discrepancy
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. Access to the device profile may allow an attacker to perform some remote functions on connected vehicles such as tracking the vehicle location and disconnecting power to the fuel pump where supported.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following SinoTrack products are affected:
SinoTrack IOT PC Platform: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 WEAK AUTHENTICATION CWE-1390
A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay.
CVE-2025-5484 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L).
A CVSS v4 score has...
CVSS: HIGH (8.3) EPSS Score: 0.04%
June 10th, 2025 (12 days ago)
|
CVE-2022-4304 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.2
ATTENTION: Exploitable remotely
Vendor: Hitachi Energy
Equipment: Relion 670, 650, SAM600-IO Series
Vulnerability: Observable Discrepancy
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to decrypt application data in transit.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Hitachi Energy reports that the following products are affected:
Relion 670: Version 2.2.0
Relion 670: Version 2.2.1
Relion 650: Version 2.2.0
Relion 650: Version 2.2.1
Relion 670: Versions 2.2.2.0 through 2.2.2.5
Relion 670: Versions 2.2.3.0 through 2.2.3.6
Relion 670: Versions 2.2.4.0 through 2.2.4.3
Relion 650: Versions 2.2.4.0 through 2.2.4.3
Relion 670: Versions 2.2.5.0 through 2.2.5.5
Relion 650: Versions 2.2.5.0 through 2.2.5.5
SAM600-IO: Version 2.2.1
SAM600-IO: Versions from 2.2.5.0 up to but not including, 2.2.5.5
3.2 VULNERABILITY OVERVIEW
3.2.1 OBSERVABLE DISCREPANCY CWE-203
A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine ...
June 10th, 2025 (12 days ago)
|
CVE-2025-5943 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 8.6
ATTENTION: Exploitable remotely/low attack complexity
Vendor: MicroDicom
Equipment: DICOM Viewer
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following MicroDicom products are affected:
DICOM Viewer: Versions 2025.2 (Build 8154) and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the user must either visit a malicious website or open a malicious DICOM file locally.
CVE-2025-5943 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2025-5943. A base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Bulgaria
3.4 RESEARCHER
Michael Heinzl reported this vulnerability to CISA.
4. MITIGATIONS
MicroDicom recom...
EPSS Score: 0.18%
June 10th, 2025 (12 days ago)
|
Description: Summary
It is possible to achieve Server-Side Request Forgery (SSRF) via the Demo request endpoint if the Proxy Base URL has not been set.
Details
An unauthenticated user can supply a request that the server will then issue on their behalf. This can be used to enumerate internal networks and, on cloud instances, to obtain sensitive data.
Mitigation
When using GeoServer behind a proxy, manage the proxy base value as a system administrator: set the application property PROXY_BASE_URL to a non-empty value that cannot be overridden by the user interface or by an incoming request.
When using GeoServer directly without a proxy, block all access to TestWfsPost by editing the web.xml file, adding this block right before the end:

```xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>BlockDemoRequests</web-resource-name>
    <url-pattern>/TestWfsPost/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>BLOCKED</role-name>
  </auth-constraint>
</security-constraint>
```
Resolution
Upgrading to GeoServer 2.24.4 or 2.25.2 removes the TestWfsPost servlet, resolving this issue.
The demo request page functionality is now implemented directly in the browser.
References
https://github.com/geoserver/geoserver/security/advisories/GHSA-5gw5-jccf-6hxw
https://osgeo-org.atlassian.net/browse/GEOS-11794
https://osgeo-org.atlassian.net/browse/GEOS-11390
https://nvd.nist.gov/vuln/detail/CVE-2021-40822
https://nvd.nist.gov/vuln/detail/CVE-2024-29198...
CVSS: HIGH (7.5)
June 10th, 2025 (12 days ago)
|
Description: Summary
An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entities (XXE) attack and then send a GET request to any HTTP server. An attacker can abuse this to scan internal networks, gain information about them and exploit them further. Moreover, the attacker can read a limited set of .xsd files on the system.
Details
By default, GeoServer uses the PreventLocalEntityResolver class from GeoTools to filter out malicious URIs in XML entities before resolving them. The URI must match the regex (?i)(jar:file|http|vfs)[^?#;]*\\.xsd. However, the regex still leaves attackers a way to send requests to any HTTP server or to read a limited set of files.
Impact
An unauthenticated attacker can:
Scan the internal network to gain insight about it and exploit it further.
Perform SSRF against any endpoint whose path ends with .xsd.
Read a limited set of .xsd files on the system.
Mitigation
Define the system property ENTITY_RESOLUTION_ALLOWLIST to limit the supported external schema locations.
The built-in allow list covers the locations required for the operation of OGC web services: www.w3.org,schemas.opengis.net,www.opengis.net,inspire.ec.europa.eu/schemas.
The user guide provides details on how to add additional locations (this is required for app-schema plugin where a schema is supplied to define an output format).
Resolution
GeoServer 2.25.0 and greater defaults to the use of ENTITY_RESOLUTION_ALLOWLIST and does not require you to provide a system property.
The use of ENTITY_RESOLUTION_ALLOWLIST is still supported if you require...
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
June 10th, 2025 (12 days ago)
|
Description: Summary
The GeoWebCache home page includes version and revision information about the software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified.
Details
org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) performs no check to hide potentially sensitive information from users, apart from a hidden system property that hides the storage locations and which defaults to showing them.
PoC
Just open http://localhost:8080/geoserver/gwc/
Impact
In addition to exposing the version and revision information, the home page will expose the config file and storage locations which may expose the system's temp directory location and whether or not GeoServer is running in a Windows operating system. The approximate server start time and some basic GWC usage information is also exposed.
References
https://github.com/geoserver/geoserver/security/advisories/GHSA-jm79-7xhw-6f6f
https://osgeo-org.atlassian.net/browse/GEOS-11677
https://github.com/geoserver/geoserver/pull/8189
https://github.com/GeoWebCache/geowebcache/issues/1344
https://github.com/GeoWebCache/geowebcache/pull/1345
https://nvd.nist.gov/vuln/detail/CVE-2024-38524
https://github.com/advisori...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 10th, 2025 (12 days ago)
|