CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-54179 |
Description: IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0 and 24.0.1 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
March 3rd, 2025 (4 months ago)
|
|
CVE-2024-47092 |
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api
Description: Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1
CVSS: HIGH (7.7) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
|
Description: The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country.
To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-0289 |
Description: Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code.
The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC).
"These include arbitrary kernel memory mapping and
EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
|
|
Description: Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc.
"The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known
March 3rd, 2025 (4 months ago)
|
|
|
Description: U.S. traders are buying 'digital residency' in Palau to skirt restrictions on the amount of cryptocurrency they can withdraw and the exchanges they can use. Major exchanges have already banned the ID, fearing abuse.
March 3rd, 2025 (4 months ago)
|
|
|
Description: The addition of SnapAttack, a startup incubated by Booz Allen Hamilton’s Darklabs, will enhance Splunk with accelerated SIEM migration and proactive threat hunting.
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-1875 |
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "searchtitle" parameter in search.php.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-1874 |
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-1873 |
Description: SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagetitle" and "pagedescription" parameters in admin/contactus.php.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|