CVE-2025-26702 |
Description: Improper Input Validation vulnerability in ZTE GoldenDB allows Input Data Manipulation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.
CVSS: MEDIUM (4.9) EPSS Score: 0.12%
March 11th, 2025 (4 months ago)
|
CVE-2025-2190 |
Description: The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
EPSS Score: 0.05%
March 11th, 2025 (4 months ago)
|
CVE-2025-2177 |
Description: A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 addresses this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professionally.
CVSS: MEDIUM (6.9) EPSS Score: 0.1%
March 11th, 2025 (4 months ago)
|
CVE-2025-2176 |
Description: A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 addresses this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professionally.
CVSS: MEDIUM (6.9) EPSS Score: 0.1%
March 11th, 2025 (4 months ago)
|
CVE-2025-1434 |
Description: The Spreadsheet view is vulnerable to an XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected, and other spreadsheets still work as expected.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
CVE-2024-58102 |
Description: An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack consumption when parsing user-supplied queries containing deeply nested expressions.
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
CVE-2024-13228 |
Description: The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
Description: Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.
The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0.
"Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their
CVSS: CRITICAL (9.2)
March 11th, 2025 (4 months ago)
|
Description: Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder.
The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy
March 11th, 2025 (4 months ago)
|
CVE-2025-26706 |
Description: Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.07.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|