CVE-2025-26202 |
Description: A Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the "Click here to display" option on the Status page.
EPSS Score: 0.11%
March 4th, 2025 (4 months ago)
|
CVE-2025-1969 |
Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center
Description: Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM.
Upgrade TEAM to the latest release v.1.2.2. Follow the instructions in the updating TEAM documentation for the update process.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
March 4th, 2025 (4 months ago)
|
CVE-2025-1947 |
Description: A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. This affects the function scorm of the file UploadImageController.java. The manipulation of the argument param leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 1.47% SSVC Exploitation: poc
March 4th, 2025 (4 months ago)
|
CVE-2025-1946 |
Description: A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 1.47% SSVC Exploitation: poc
March 4th, 2025 (4 months ago)
|
Description: Media reports over the weekend suggested the Trump Administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.
March 4th, 2025 (4 months ago)
|
CVE-2024-41147 |
Description: An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVSS: HIGH (7.7) EPSS Score: 0.05%
March 4th, 2025 (4 months ago)
|
CVE-2024-10930 |
Description: An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.
CVSS: HIGH (7.1) EPSS Score: 0.07%
March 4th, 2025 (4 months ago)
|
Description: fsociety: A Modular Penetration Testing Framework
March 4th, 2025 (4 months ago)
|
Description: Google has announced an increased rollout of new AI-powered scam detection features on Android to help protect users from increasingly sophisticated phone and text social engineering scams. [...]
March 4th, 2025 (4 months ago)
|