CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Counter Claims to have Leaked the Data of Smoke's & Jack's Roleplay Forum
Description: Counter Claims to have Leaked the Data of Smoke's & Jack's Roleplay Forum
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)
Counter Claims to have Leaked the Data of TXG Corp
Description: Counter Claims to have Leaked the Data of TXG Corp
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)

CVE-2025-27099
Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message
Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10.

CVSS: MEDIUM (4.8)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27094
Tuleap allows default values to be cleared from field configuration
Description: Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute for the multiselectbox field, the default value, number of rows, and columns attributes for the text field, and the default value, size, and max characters attributes for the string field configurations are lost when added as criteria in a saved report. Additionally, in Tuleap Community Edition versions 16.4.99.1739806825 to 16.4.99.1739877910, this issue could be exploited to prevent access to tracker data by triggering a crash. This vulnerability has been fixed in Tuleap Community Edition 16.4.99.1739877910 and Tuleap Enterprise Edition 16.3-9 and 16.4-4.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25185
GPT Academic allows arbitary file read by tarfile uncompress within softlink
Description: GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.

CVSS: HIGH (7.5)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-24023
Observable Response Discrepancy in flask-appbuilder
Description: Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1801
Aap-gateway: aap-gateway privilege escalation
Description: A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-4885
WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability
🚨 Marked as known exploited on March 3rd, 2025 (4 months ago).
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

CVSS: CRITICAL (9.8)

EPSS Score: 93.68%

SSVC Exploitation: active

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-43169
IBM Engineering Requirements Management DOORS Next file download
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

CVSS: HIGH (8.8)

EPSS Score: 0.01%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-41771
IBM Engineering Requirements Management DOORS Next information disclosure
Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)