CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-1946
hzmanyun Education and Training System exportPDF command injection
Description: A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in hzmanyun Education and Training System 2.1 ausgemacht. Davon betroffen ist die Funktion exportPDF der Datei /user/exportPDF. Mit der Manipulation des Arguments id mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 1.47%

SSVC Exploitation: poc

Source: CVE
March 4th, 2025 (4 months ago)
Pentagon, CISA Deny Change in US Cyber Policy on Russia
Description: Media reports over the weekend suggested the Trump Administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.
Source: Dark Reading
March 4th, 2025 (4 months ago)
Visuals
Source: DarkWebInformer
March 4th, 2025 (4 months ago)

CVE-2024-41147
An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially...
Description: An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-10930
Carrier Block Load Privilege Escalation
Description: An Uncontrolled Search Path Element vulnerability exists which could allow a malicious actor to perform DLL hijacking and execute arbitrary code with escalated privileges.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

Source: CVE
March 4th, 2025 (4 months ago)
fsociety: A Modular Penetration Testing Framework
Description: fsociety: A Modular Penetration Testing Framework
Source: DarkWebInformer
March 4th, 2025 (4 months ago)
Google expands Android AI scam detection to more Pixel devices
Description: Google has announced an increased rollout of new AI-powered scam detection features on Android to help protect users from increasingly sophisticated phone and text social engineering scams. [...]
Source: BleepingComputer
March 4th, 2025 (4 months ago)
[github.com/matrix-org/pinecone] In-memory stored Cross-site scripting (XSS) vulnerability in pineconesim
Description: Impact The Pinecone Simulator (pineconesim) included in Pinecone up to commit https://github.com/matrix-org/pinecone/commit/ea4c33717fd74ef7d6f49490625a0fa10e3f5bbc is vulnerable to stored cross-site scripting. The payload storage is not permanent and will be wiped when restarting pineconsim. Patches Commit https://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd contains the fixes. Workarounds N/A For more information If you have any questions or comments about this advisory, please email us at security at matrix.org. References https://github.com/matrix-org/pinecone/security/advisories/GHSA-fr62-mg2q-7wqv https://github.com/matrix-org/pinecone/commit/218b2801995b174085cb1c8fafe2d3aa661f85bd https://github.com/advisories/GHSA-fr62-mg2q-7wqv
Source: Github Advisory Database (Go)
March 4th, 2025 (4 months ago)
Apple’s Rosetta 2 Exploited for Bypassing macOS Security Protections
Description: Hackers have been exploiting a significant security loophole in Apple’s Rosetta 2—the translation technology that allows Intel-based apps to run on Apple Silicon. According to Google’s Mandiant researchers, North Korean hacking groups are deliberately using x86-64 (Intel) malware instead of native ARM64 (Apple Silicon) versions because it bypasses stricter security measures enforced on ARM64 apps. … The post Apple’s Rosetta 2 Exploited for Bypassing macOS Security Protections appeared first on CyberInsider.
Source: CyberInsider
March 4th, 2025 (4 months ago)

CVE-2025-27507
IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
Description: The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. ZITADEL's Admin API contains Insecure Direct Object Reference (IDOR) vulnerabilities that allow authenticated users, without specific IAM roles, to modify sensitive settings. While several endpoints are affected, the most critical vulnerability lies in the ability to manipulate LDAP configurations. Customers who do not utilize LDAP for authentication are not at risk from the most severe aspects of this vulnerability. However, upgrading to the patched version to address all identified issues is strongly recommended. This vulnerability is fixed in 2.71.0, 2.70.1, ,2.69.4, 2.68.4, 2.67.8, 2.66.11, 2.65.6, 2.64.5, and 2.63.8.

CVSS: CRITICAL (9.0)

EPSS Score: 0.1%

Source: CVE
March 4th, 2025 (4 months ago)