CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-25730	An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized... Description: An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself. EPSS Score: 0.02% Source: CVE February 27th, 2025 (4 months ago)
CVE-2025-25570	Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. Description: Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials. EPSS Score: 0.06% Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-38292	In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. Description: In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. EPSS Score: 0.07% Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-38291	In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. Description: In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. EPSS Score: 0.04% Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-38290	In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. Description: In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met. EPSS Score: 0.04% Source: CVE February 27th, 2025 (4 months ago)
	FBI officially fingers North Korea for $1.5B Bybit crypto-burglary Source: TheRegister February 27th, 2025 (4 months ago)
CVE-2025-21824	gpu: host1x: Fix a use of uninitialized mutex Description: In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of uninitialized mutex leading to below warning when CONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC are enabled. [ 41.662843] ------------[ cut here ]------------ [ 41.663012] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 41.663035] WARNING: CPU: 4 PID: 794 at kernel/locking/mutex.c:587 __mutex_lock+0x670/0x878 [ 41.663458] Modules linked in: rtw88_8822c(+) bluetooth(+) rtw88_pci rtw88_core mac80211 aquantia libarc4 crc_itu_t cfg80211 tegra194_cpufreq dwmac_tegra(+) arm_dsu_pmu stmmac_platform stmmac pcs_xpcs rfkill at24 host1x(+) tegra_bpmp_thermal ramoops reed_solomon fuse loop nfnetlink xfs mmc_block rpmb_core ucsi_ccg ina3221 crct10dif_ce xhci_tegra ghash_ce lm90 sha2_ce sha256_arm64 sha1_ce sdhci_tegra pwm_fan sdhci_pltfm sdhci gpio_keys rtc_tegra cqhci mmc_core phy_tegra_xusb i2c_tegra tegra186_gpc_dma i2c_tegra_bpmp spi_tegra114 dm_mirror dm_region_hash dm_log dm_mod [ 41.665078] CPU: 4 UID: 0 PID: 794 Comm: (udev-worker) Not tainted 6.11.0-29.31_1538613708.el10.aarch64+debug #1 [ 41.665838] Hardware name: NVIDIA NVIDIA Jetson AGX Orin Developer Kit/Jetson, BIOS 36.3.0-gcid-35594366 02/26/2024 [ 41.672555] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 41.679636] pc : __mutex_lock+0x670/0x878 [ 41.683834] lr : __mutex_lock+0x670/0x878 [ ... EPSS Score: 0.02% Source: CVE February 27th, 2025 (4 months ago)
CVE-2025-21823	batman-adv: Drop unmanaged ELP metric worker Description: In the Linux kernel, the following vulnerability has been resolved: batman-adv: Drop unmanaged ELP metric worker The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup r... EPSS Score: 0.05% Source: CVE February 27th, 2025 (4 months ago)
CVE-2025-21822	ptp: vmclock: Set driver data before its usage Description: In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Set driver data before its usage If vmclock_ptp_register() fails during probing, vmclock_remove() is called to clean up the ptp clock and misc device. It uses dev_get_drvdata() to access the vmclock state. However the driver data is not yet set at this point. Assign the driver data earlier. EPSS Score: 0.02% Source: CVE February 27th, 2025 (4 months ago)
CVE-2025-21821	fbdev: omap: use threaded IRQ for LCD DMA Description: In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2 Hardware name: Nokia 770 Call trace: unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x54/0x5c dump_stack_lvl from __schedule_bug+0x50/0x70 __schedule_bug from __schedule+0x4d4/0x5bc __schedule from schedule+0x34/0xa0 schedule from schedule_preempt_disabled+0xc/0x10 schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4 __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4 clk_prepare_lock from clk_set_rate+0x18/0x154 clk_set_rate from sossi_read_data+0x4c/0x168 sossi_read_data from hwa742_read_reg+0x5c/0x8c hwa742_read_reg from send_frame_handler+0xfc/0x300 send_frame_handler from process_pending_requests+0x74/0xd0 process_pending_requests from lcd_dma_irq_handler+0x50/0x74 lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130 __handle_irq_event_percpu from handle_irq_event+0x28/0x68 handle_irq_event from handle_level_irq+0x9c/0x170 handle_level_irq from generic_handle_domain_irq+0x2c/0x3c generic... EPSS Score: 0.03% Source: CVE February 27th, 2025 (4 months ago)