CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27794 |
Description: Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., `subdomain.host.com`) sets cookies scoped to the parent domain (`.host.com`). This allows session token replacement for applications hosted on sibling subdomains (e.g., `community.host.com`) if session tokens aren't rotated post-authentication. Key Constraints are that the attacker must control any subdomain under the parent domain (e.g., `evil.host.com` or `x.y.host.com`), and the parent domain must not be on the Public Suffix List. Due to non-existent session token rotation after authenticating we can theoretically reproduce the vulnerability by using browser dev tools, but due to the browser's security measures this does not seem to be exploitable as described. Version 1.8.10 contains a patch for the issue.
CVSS: MEDIUM (6.8) EPSS Score: 0.05%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-25709 |
Description: An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-22954 |
Description: Koha <= 21.11 is contains a SQL Injection vulnerability in /serials/lateissues-export.pl via the supplierid parameter.
EPSS Score: 0.56%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-2240 |
Description: A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
EPSS Score: 0.07%
March 12th, 2025 (4 months ago)
|
|
CVE-2025-21590 |
🚨 Marked as known exploited on March 13th, 2025 (4 months ago).
Description: An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device.
A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device.
This issue is not exploitable from the Junos CLI.
This issue affects Junos OS:Â
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,Â
* 22.2 versions before 22.2R3-S6,Â
* 22.4 versions before 22.4R3-S6,Â
* 23.2 versions before 23.2R2-S3,Â
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R1-S2, 24.2R2.
CVSS: MEDIUM (4.4) EPSS Score: 5.1% SSVC Exploitation: none
March 12th, 2025 (4 months ago)
|
|
CVE-2024-52362 |
Description: IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
March 12th, 2025 (4 months ago)
|
|
Description: Rocket Stores Allegedly Falls Victim to Cactus Ransomware Attack
March 12th, 2025 (4 months ago)
|
|
Description: Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. [...]
March 12th, 2025 (4 months ago)
|
|
Description: The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure.
"The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that
March 12th, 2025 (4 months ago)
|
|
Description: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser
Introduction
In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers. Mandiant attributed these backdoors to the China-nexus espionage group, UNC3886. Mandiant uncovered several TINYSHELL-based backdoors operating on Juniper Networks’ Junos OS routers. The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging mechanisms on the target device.
Mandiant worked with Juniper Networks to investigate this activity and observed that the affected Juniper MX routers were running end-of-life hardware and software. Mandiant recommends that organizations upgrade their Juniper devices to the latest images released by Juniper Networks, which includes mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT). Organizations should run the JMRT Quick Scan and Integrity Check after the upgrade.
Mandiant has reported on similar custom malware ecosystems in 2022 and 2023 that UNC3886 deployed on virtualization technologies and network edge devices. This blog post showcases a development in UNC3886’s tactics, techniques and procedures (TTPs), and their focus on malware and capabilities that enable them to operate on network and edge devices, which typically lack security monito...
CVSS: MEDIUM (6.7)
March 12th, 2025 (4 months ago)
|