CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0071 |
Description: SAP Web Dispatcher and Internet Communication Manager allow an attacker with administrative privileges to enable debugging trace mode with a specific parameter value. This exposes unencrypted passwords in the logs, causing a high impact on the confidentiality of the application. There is no impact on integrity or availability.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-0062 |
Description: SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impact on confidentiality and integrity within the scope of victim�s browser. There is no impact on availability. This vulnerability occurs only when script/html execution is enabled by the administrator in Central Management Console.
CVSS: MEDIUM (4.7) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
|
CVE-2024-49823 |
Description: IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
|
CVE-2024-41760 |
Description: IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
CVSS: LOW (3.7) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2024-22340 |
Description: IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
March 11th, 2025 (4 months ago)
|
|
CVE-2025-1828 |
Description: Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.
Crypt::Random::rand 1.05 through 1.55 uses the rand() function. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider.
In particular, Windows versions of perl will encounter this issue by default.
EPSS Score: 0.05%
March 11th, 2025 (4 months ago)
|
|
Description: Jaguar Land Rover (JLR) Allegedly Suffers Data Breach, Hundreds of Internal Documents and Employee Data Exposed
March 11th, 2025 (4 months ago)
|
|
CVE-2025-27926 |
Description: In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
|
CVE-2025-27925 |
Description: Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
CVSS: HIGH (8.5) EPSS Score: 0.06%
March 10th, 2025 (4 months ago)
|
|
CVE-2025-27924 |
Description: Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
March 10th, 2025 (4 months ago)
|