CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-47754

Description: In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning. Fix a smatch static checker warning on vdec_h264_req_multi_if.c, which leads to a kernel crash when fb is NULL.

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2024-44953

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix deadlock during RTC update. There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcd_rpm_get_sync() to wait for runtime resume. Here is the deadlock backtrace:

    kworker/0:1 D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367 ptr f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff
    __switch_to+0x1a8/0x2d4
    __schedule+0x684/0xa98
    schedule+0x48/0xc8
    schedule_timeout+0x48/0x170
    do_wait_for_common+0x108/0x1b0
    wait_for_completion+0x44/0x60
    __flush_work+0x39c/0x424
    __cancel_work_sync+0xd8/0x208
    cancel_delayed_work_sync+0x14/0x28
    __ufshcd_wl_suspend+0x19c/0x480
    ufshcd_wl_runtime_suspend+0x3c/0x1d4
    scsi_runtime_suspend+0x78/0xc8
    __rpm_callback+0x94/0x3e0
    rpm_suspend+0x2d4/0x65c
    __pm_runtime_suspend+0x80/0x114
    scsi_runtime_idle+0x38/0x6c
    rpm_idle+0x264/0x338
    __pm_runtime_idle+0x80/0x110
    ufshcd_rtc_work+0x128/0x1e4
    process_one_work+0x26c/0x650
    worker_thread+0x260/0x3d8
    kthread+0x110/0x134
    ret_from_fork+0x10/0x20

Skip updating RTC if RPM state is not RPM_ACTIVE.

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2024-25739

Description: create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

CVSS: MEDIUM (5.5)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
March 7th, 2025 (4 months ago)

Description: More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.
Source: Dark Reading
March 7th, 2025 (4 months ago)

Description: Akira 20231209 Chat
Source: DarkWebInformer
March 7th, 2025 (4 months ago)

Description: This week, we discuss a Supreme drop, a visit to a local Risograph printer, and what is up with Big Car.
Source: 404 Media
March 7th, 2025 (4 months ago)

Description: 🚨 This is a real ransomware negotiation chat. The source can be found at the bottom of the page! 🚨 Ransomware Group: Akira. Victim: Withheld. Ransomchats provided by https://x.com/ValeryMarchive via https:
Source: DarkWebInformer
March 7th, 2025 (4 months ago)

Description: The pair found a loophole through StubHub's services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.
Source: Dark Reading
March 7th, 2025 (4 months ago)

CVE-2023-20025

Description: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has not released software updates to address the vulnerabilities described in this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

Security Impact Rating: Critical

CVE: CVE-2023-20025, CVE-2023-20026, CVE-2023-20118

CVSS: CRITICAL (9.0)

Source: Cisco Security Advisory
March 7th, 2025 (4 months ago)

CVE-2025-27607

Description: Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0.

CVSS: HIGH (8.8)

EPSS Score: 0.61%

Source: CVE
March 7th, 2025 (4 months ago)