CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Counter Claims to have Leaked the Data of Smoke's & Jack's Roleplay Forum
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)

Description: Counter Claims to have Leaked the Data of TXG Corp
Source: DarkWebInformer
March 3rd, 2025 (4 months ago)

CVE-2025-27099

Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10.

CVSS: MEDIUM (4.8)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27094

Description: Tuleap is an open-source suite designed to improve software development management and collaboration. A malicious user with access to a tracker could force-reset certain field configurations, leading to potential information loss. The display time attribute for the date field, the size attribute for the multiselectbox field, the default value, number of rows, and columns attributes for the text field, and the default value, size, and max characters attributes for the string field configurations are lost when added as criteria in a saved report. Additionally, in Tuleap Community Edition versions 16.4.99.1739806825 to 16.4.99.1739877910, this issue could be exploited to prevent access to tracker data by triggering a crash. This vulnerability has been fixed in Tuleap Community Edition 16.4.99.1739877910 and Tuleap Enterprise Edition 16.3-9 and 16.4-4.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25185

Description: GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Subsequently, when accessing the decompressed file from the server, the soft link will point to the target file on the victim server. The vulnerability allows attackers to read all files on the server.

CVSS: HIGH (7.5)

EPSS Score: 0.07%

SSVC Exploitation: poc

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-24023

Description: Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.

CVSS: LOW (3.7)

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1801

Description: A flaw was found in the Ansible aap-gateway. Concurrent requests handled by the gateway grpc service can result in concurrency issues due to race condition requests against the proxy. This issue potentially allows a less privileged user to obtain the JWT of a greater privileged user, enabling the server to be jeopardized. A user session or confidential data might be vulnerable.

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-4885

🚨 Marked as known exploited on March 3rd, 2025 (4 months ago).
Description: In WhatsUp Gold versions released before 2023.1.3, there is an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

CVSS: CRITICAL (9.8)

EPSS Score: 93.68%

SSVC Exploitation: active

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-43169

Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a user to download a malicious file without verifying the integrity of the code.

CVSS: HIGH (8.8)

EPSS Score: 0.01%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-41771

Description: IBM Engineering Requirements Management DOORS Next 7.0.2, 7.0.3, and 7.1 could allow a remote attacker to download temporary files which could expose application logic or other sensitive information.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)