CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-54179

Description: IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0 and 24.0.1 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2024-47092

Description: Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

Description: The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations
Source: TheHackerNews
March 3rd, 2025 (4 months ago)

CVE-2025-0289

Description: Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and

EPSS Score: 0.05%

Source: TheHackerNews
March 3rd, 2025 (4 months ago)

Description: Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. "The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known
Source: TheHackerNews
March 3rd, 2025 (4 months ago)

Description: U.S. traders are buying 'digital residency' in Palau to skirt restrictions on the amount of cryptocurrency they can withdraw and the exchanges they can use. Major exchanges have already banned the ID, fearing abuse.
Source: 404 Media
March 3rd, 2025 (4 months ago)

Description: The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.
Source: Dark Reading
March 3rd, 2025 (4 months ago)

CVE-2025-1875

Description: A SQL injection vulnerability has been found in 101news, affecting version 1.0, through the "searchtitle" parameter in search.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1874

Description: A SQL injection vulnerability has been found in 101news, affecting version 1.0, through the "description" parameter in admin/add-category.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1873

Description: A SQL injection vulnerability has been found in 101news, affecting version 1.0, through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)