CVE-2025-42983 |
Description: SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is not able to read any data.
CVSS: HIGH (8.5) EPSS Score: 0.04%
June 10th, 2025 (12 days ago)
|
CVE-2025-42982 |
Description: SAP GRC allows a non-administrative user to access and initiate a transaction that could allow them to modify or control the transmitted system credentials. This causes a high impact on the confidentiality, integrity and availability of the application.
CVSS: HIGH (8.8) EPSS Score: 0.04%
June 10th, 2025 (12 days ago)
|
CVE-2025-42977 |
Description: SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or modify arbitrary files, resulting in a high impact on confidentiality and a low impact on integrity.
CVSS: HIGH (7.6) EPSS Score: 0.22%
June 10th, 2025 (12 days ago)
|
CVE-2025-31325 |
Description: Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a victim accesses the affected page, the script executes in their browser, providing the attacker limited access to restricted information. The vulnerability does not affect data integrity or availability and operates entirely within the context of the client's browser.
CVSS: MEDIUM (5.8) EPSS Score: 0.08%
June 10th, 2025 (12 days ago)
|
CVE-2025-23192 |
Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI Workspace)
Description: SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser, enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable. This leads to a high impact on confidentiality and a low impact on integrity and availability.
CVSS: HIGH (8.2) EPSS Score: 0.09%
June 10th, 2025 (12 days ago)
|
Description: Posted by josephgoyd via Fulldisclosure on Jun 09
Hello Full Disclosure,
This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and
remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and
undetectable crypto wallet exfiltration. Despite responsible disclosure, the research was suppressed by the vendor.
Apple issued a silent fix in iOS 18.4.1 (April 2025) without public...
CVSS: HIGH (7.5)
June 10th, 2025 (12 days ago)
|
Description: Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09
SEC Consult Vulnerability Lab Security Advisory < 20250604-0 >
=======================================================================
title: Local Privilege Escalation and Default Credentials
product: INDAMED - MEDICAL OFFICE (Medical practice management)
Demo version
vulnerable version: Revision 18544 (II/2024)
fixed version: Q2/2025 (Privilege Escalation, Default Password)...
June 10th, 2025 (12 days ago)
|
CVE-2025-5903 |
Description: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was identified in TOTOLINK T10 4.1.8cu.5207. This affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Manipulating the argument desc with unknown data can be used to exploit a buffer overflow vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS: HIGH (8.8) EPSS Score: 0.14%
June 10th, 2025 (13 days ago)
|
CVE-2025-5902 |
Description: A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument slaveIpList leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was found in TOTOLINK T10 4.1.8cu.5207. This affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Manipulating the argument slaveIpList with unknown data can be used to exploit a buffer overflow vulnerability. The attack can be carried out over the network. The exploit is publicly available.
CVSS: HIGH (8.8) EPSS Score: 0.14%
June 10th, 2025 (13 days ago)
|
CVE-2025-0037 |
Description: In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
CVSS: MEDIUM (6.6) EPSS Score: 0.02%
June 10th, 2025 (13 days ago)
|