CVE-2024-11957
Description: Improper verification of the digital signature in ksojscore.dll in Kingsoft WPS Office in versions equal to or less than 12.1.0.18276
on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.2.0.16909 to mitigate CVE-2024-7262 was not restrictive enough.
CVSS: CRITICAL (9.3) EPSS Score: 0.01%
March 4th, 2025 (4 months ago)
Description: A previously undocumented polyglot malware is being deployed in attacks against aviation, satellite communication, and critical transportation organizations in the United Arab Emirates. [...]
March 4th, 2025 (4 months ago)
Description: Summary
Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries.
Details
The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the header, resulting in log injection.
Impact
This vulnerability can distort log files, obscure attack traces, and complicate security auditing.
Mitigation
Update to the latest version of Rack, or
Remove usage of Rack::Sendfile.
References
https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
https://github.com/advisories/GHSA-8cgq-6mh2-7j6v
March 4th, 2025 (4 months ago)
Description:
A low-severity vulnerability in Cisco Webex for BroadWorks Release 45.2 could allow an unauthenticated, remote attacker to access data and credentials if unsecure transport is configured for the SIP communication.
This vulnerability is due to the exposure of sensitive information in the SIP headers.
A related issue could allow an authenticated user to access credentials in plain text in the client and server logs.
A malicious actor could exploit this vulnerability and the related issue to access data and credentials and impersonate the user.
A configuration change to fix this vulnerability and the related issue has been pushed to Cisco Webex for BroadWorks. Cisco recommends that customers restart their Cisco Webex application to apply the configuration changes.
There is a workaround that addresses this vulnerability and the related issue.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-credexp-xMN85y6
Security Impact Rating: Informational
March 4th, 2025 (4 months ago)
CVE-2025-22224
🚨 Marked as known exploited on April 10th, 2025 (3 months ago).
Description: Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure.
The list of vulnerabilities is as follows -
CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with
CVSS: CRITICAL (9.3) EPSS Score: 24.22%
March 4th, 2025 (4 months ago)
Description: nxe is Claiming to Sell Data of UAE Non-Objection Certificates (NOCs)
March 4th, 2025 (4 months ago)
Description: The Polish Space Agency (POLSA) has been offline since it disconnected its systems from the Internet over the weekend to contain a breach of its IT infrastructure. [...]
March 4th, 2025 (4 months ago)
Description: A Facebook group for Cybertruck owners is full of videos of people flicking off Cybertrucks.
March 4th, 2025 (4 months ago)
CVE-2024-9149
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wind Media E-Commerce Website Template allows SQL Injection. This issue affects E-Commerce Website Template: before v1.5.
CVSS: HIGH (8.6) EPSS Score: 0.04%
March 4th, 2025 (4 months ago)