CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-23368

Description: A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-23368
https://access.redhat.com/security/cve/CVE-2025-23368
https://bugzilla.redhat.com/show_bug.cgi?id=2337621
https://github.com/advisories/GHSA-3jxr-23ph-c89g

EPSS Score: 0.09%

Source: Github Advisory Database (Maven)
March 4th, 2025 (4 months ago)

Description: Palo Alto Networks' Unit 42 details how a threat actor is dodging detection with careful targeting and the use of Amazon's native email tools.

Source: Dark Reading
March 4th, 2025 (4 months ago)

CVE-2025-1955

Description: A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Scheduling/scheduling/pages/profile.php. The manipulation of the argument username leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.1)

EPSS Score: 0.03%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-1954

Description: A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-1953

Description: A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.3.0 addresses this issue. It is recommended to upgrade the affected component.

CVSS: LOW (2.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-1080

Description: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice, a link in a browser using that scheme could be constructed with an embedded inner URL that, when passed to LibreOffice, could call internal macros with arbitrary arguments. This issue affects LibreOffice: from 24.8 before 24.8.5, from 25.2 before 25.2.1.

CVSS: HIGH (7.2)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-9135

Description: On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-8000

Description: On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server, resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted by this bug.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

Description: Amnesty International said Serbian police used an exploit chain in tandem with a legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.

Source: Dark Reading
March 4th, 2025 (4 months ago)

Description: Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it's not about espionage.

Source: Dark Reading
March 4th, 2025 (4 months ago)