CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: [AI generated] "Electro-Seal" specializes in inspection, maintenance and repair services for the oil and gas industry. They focus on deploying safe, efficient, and cost-effective solutions to manage asset integrity and longevity. The company offers an extensive range of services including pipeline inspections, corrosion protection, industrial coatings, and risk assessments. Their mission is to ensure continuous operation of assets by minimizing downtime and optimizing productivity.
June 9th, 2025 (13 days ago)
|
|
Description: Ransomware Attack Update for the 9th of June 2025
June 9th, 2025 (13 days ago)
|
|
Description: The AI company's investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.
June 9th, 2025 (13 days ago)
|
CVE-2025-5897 |
Description: A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. Eine Schwachstelle wurde in vuejs vue-cli bis 5.0.8 ausgemacht. Sie wurde als problematisch eingestuft. Hierbei geht es um die Funktion HtmlPwaPlugin der Datei packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js der Komponente Markdown Code Handler. Mittels Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 9th, 2025 (13 days ago)
|
|
CVE-2025-5896 |
Description: A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 4.1.2 is able to address this issue. The name of the patch is c2e321a8b6fc873427c466c69f41ed0b5e8814bf. It is recommended to upgrade the affected component. In tarojs taro bis 4.1.1 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei taro/packages/css-to-react-native/src/index.js. Mittels dem Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Ein Aktualisieren auf die Version 4.1.2 vermag dieses Problem zu lösen. Der Patch wird als c2e321a8b6fc873427c466c69f41ed0b5e8814bf bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
June 9th, 2025 (13 days ago)
|
|
CVE-2025-49137 |
Description: HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a `script` tag, it does allow the use of other HTML tags to run JavaScript. Version 11.0.0 fixes the issue.
CVSS: HIGH (8.5) EPSS Score: 0.04%
June 9th, 2025 (13 days ago)
|
|
CVE-2025-49004 |
Description: Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain. This allows a malicious website to hijack the authentication flow of Caido and achieve code execution. A malicious website loaded in the browser can hijack the locally running Caido instance and achieve remote command execution during the initial setup. Even if the Caido instance is already configured, an attacker can initiate the authentication flow by performing DNS rebinding. In this case, the victim needs to authorize the request on dashboard.caido.io. Users should upgrade to version 0.48.0 to receive a patch.
CVSS: HIGH (7.5) EPSS Score: 0.21%
June 9th, 2025 (13 days ago)
|
|
CVE-2024-22818 |
Description: FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerbility via /system/site/filterKeyword_save
CVSS: HIGH (8.8) EPSS Score: 0.09% SSVC Exploitation: poc
June 9th, 2025 (13 days ago)
|
|
CVE-2024-1026 |
Description: A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability. Eine problematische Schwachstelle wurde in Cogites eReserv 7.7.58 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei front/admin/config.php. Durch Manipulieren des Arguments id mit der Eingabe %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen.
CVSS: LOW (3.5) EPSS Score: 0.05% SSVC Exploitation: none
June 9th, 2025 (13 days ago)
|
|
CVE-2024-0721 |
Description: A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability. In Jspxcms 10.2.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Komponente Survey Label Handler. Durch Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (3.5) EPSS Score: 0.16% SSVC Exploitation: none
June 9th, 2025 (13 days ago)
|