CVE-2025-22224 |
🚨 Marked as known exploited on April 10th, 2025 (3 months ago).
Description: Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that is actively exploited in the wild. [...]
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 6th, 2025 (4 months ago)
|
CVE-2025-25452 |
Description: An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint
EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2025-25451 |
Description: An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key
EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2025-25450 |
Description: An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint
EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2025-2030 |
Description: A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform up to 20250224. It has been rated as critical. Affected by this issue is some unknown functionality of the file /security/addUser.jsp. The manipulation of the argument groupId leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
March 6th, 2025 (4 months ago)
|
CVE-2025-2029 |
Description: A vulnerability was found in MicroDicom DICOM Viewer 2025.1 Build 3321. It has been classified as critical. Affected is an unknown function of the file mDicom.exe. The manipulation leads to memory corruption. The attack needs to be approached locally. It is recommended to upgrade the affected component. The vendor quickly confirmed the existence of the vulnerability and fixed it in the latest beta.
CVSS: MEDIUM (4.8) EPSS Score: 0.02%
March 6th, 2025 (4 months ago)
|
CVE-2024-13894 |
Description: Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to path traversal.
When an affected device is connected to a mobile app, it opens a port 10000 enabling a user to download pictures shot at specific moments by providing paths to the files. However, the directories to which a user has access are not limited, allowing for path traversal attacks and downloading sensitive information.
The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.
CVSS: MEDIUM (5.9) EPSS Score: 0.02% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-13893 |
Description: Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI-connected memory.
For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created.
Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared.
Newer firmware versions might be vulnerable as well.
CVSS: HIGH (7.5) EPSS Score: 0.02% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-13892 |
Description: Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection.
During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly sanitized, which allows for command injection.
The vendor has not replied to reports, so the patching status remains unknown. Newer firmware versions might be vulnerable as well.
CVSS: HIGH (7.7) EPSS Score: 0.71% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|
CVE-2024-12146 |
Description: Improper Validation of Syntactic Correctness of Input vulnerability in Finder Fire Safety Finder ERP/CRM (New System) allows SQL Injection. This issue affects Finder ERP/CRM (New System): before 18.12.2024.
CVSS: HIGH (7.5) EPSS Score: 0.06% SSVC Exploitation: none
March 6th, 2025 (4 months ago)
|