Description: Impact
When using Babel to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to .replace).
Your generated code is vulnerable if all the following conditions are true:
- You use Babel to compile regular expression named capturing groups
- You use the .replace method on a regular expression that contains named capturing groups
- Your code uses untrusted strings as the second argument of .replace
If you are using @babel/preset-env with the targets option, the transform that injects the vulnerable code is automatically enabled if:
- you use duplicated named capturing groups, and target any browser older than Chrome/Edge 126, Opera 112, Firefox 129, Safari 17.4, or Node.js 23
- you use any named capturing groups, and target any browser older than Chrome 64, Opera 71, Edge 79, Firefox 78, Safari 11.1, or Node.js 10
You can verify what transforms @babel/preset-env is using by enabling the debug option.
Patches
This problem has been fixed in @babel/helpers and @babel/runtime 7.26.10 and 8.0.0-alpha.17; please upgrade. You likely do not depend on @babel/helpers directly, but on @babel/core (which itself depends on @babel/helpers). Upgrading to @babel/core 7.26.10 is not required, but it guarantees that you are on a new enough @babel/helpers version.
Please note that just updating your Babel dep...
March 11th, 2025 (4 months ago)
|
Description: Impact
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
Patches
This problem is fixed starting with version 3.9.
Workarounds
Only load models from trusted sources and model archives created with Keras.
References
https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp
https://www.cve.org/cverecord?id=CVE-2025-1550
https://nvd.nist.gov/vuln/detail/CVE-2025-1550
https://github.com/keras-team/keras/pull/20751
https://github.com/keras-team/keras/commit/e67ac8ffd0c883bec68eb65bb52340c7f9d3a903
https://github.com/keras-team/keras/releases/tag/v3.9.0
https://github.com/advisories/GHSA-48g7-3x6r-xfhp
CVSS: HIGH (7.3) EPSS Score: 0.01%
March 11th, 2025 (4 months ago)
|
Description: Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24986
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24986
https://github.com/microsoft/promptflow/commit/5f4a41ab4cb15607ade7f26138b0b863b4e4eb0a
https://github.com/microsoft/promptflow/commit/625061724c51533d28fe6e0e3014b1042afdb07f
https://github.com/advisories/GHSA-gprr-v9f2-px3c
CVSS: MEDIUM (6.5) EPSS Score: 0.09%
March 11th, 2025 (4 months ago)
|
Description: Summary
The vulnerability is that users (such as resellers or customers) are able to create accounts with the same email address as an existing account (e.g., if the admin has [email protected], others can also create an account using the same email). This creates potential issues with account identification and security.
Impact
Local/Authenticated: This vulnerability can be exploited by authenticated users (e.g., reseller, customer) who can create accounts with the same email address that has already been used by another account, such as the admin.
Email-based: The attack vector is email-based, as the system does not prevent multiple accounts from registering the same email address, leading to possible conflicts and security issues.
References
https://github.com/froxlor/Froxlor/security/advisories/GHSA-7j6w-p859-464f
https://mega.nz/file/h8oFHQrL#I4V02_BWee4CCx7OoBl_2Ufkd5Wc7fvs5aCatGApkoQ
https://github.com/froxlor/Froxlor/commit/a43d53d54034805e3e404702a01312fa0c40b623
https://github.com/advisories/GHSA-7j6w-p859-464f
March 11th, 2025 (4 months ago)
|
Description: Summary
An HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication.
Observation
It is observed that in the portal of the customer account, there is a functionality in the email section to create an email address that accepts user input. By intercepting the request and modifying the "domain" field with an HTML injection payload containing an anchor tag, the injected payload is reflected on an error page. When clicked, it redirects users to an external website, confirming the presence of an HTML Injection vulnerability.
PoC
1. Navigate to the Email section in the Customer Account Portal and create a new email address.
2. Enter any garbage value in the required field and intercept the request using Burp Suite.
3. Locate the "domain" field in the intercepted request and replace its value with the following HTML Injection payload:
   CLiCK
4. Forward the modified request and observe that the injected payload is reflected on an error page.
5. Click on the displayed "CLiCK" link to verify that it redirects to https://www.google.com, confirming the presence of HTML Injection.
Impact
An attacker can exploit this HTML Injection vulnerability to manipulate the portal’s content, conduc...
March 11th, 2025 (4 months ago)
|
Description: Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. [...]
March 11th, 2025 (4 months ago)
|
CVE-2025-27789 |
Description: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the `.replace` method that has quadratic complexity on some specific replacement pattern strings (i.e. the second argument passed to `.replace`). Generated code is vulnerable if all the following conditions are true: Using Babel to compile regular expression named capturing groups, using the `.replace` method on a regular expression that contains named capturing groups, and the code using untrusted strings as the second argument of `.replace`. This problem has been fixed in `@babel/helpers` and `@babel/runtime` 7.26.10 and 8.0.0-alpha.17. It's likely that individual users do not directly depend on `@babel/helpers`, and instead depend on `@babel/core` (which itself depends on `@babel/helpers`). Upgrading to `@babel/core` 7.26.10 is not required, but it guarantees use of a new enough `@babel/helpers` version. Note that just updating Babel dependencies is not enough; one will also need to re-compile the code. No known workarounds are available.
CVSS: MEDIUM (6.2) EPSS Score: 0.02% SSVC Exploitation: poc
March 11th, 2025 (4 months ago)
|