Description: miyako is Claiming to Sell Access to an Unidentified Instant Noodle Brand
February 27th, 2025 (4 months ago)
|
CVE-2025-27399 |
Description: Mastodon is a self-hosted, federated microblogging platform. In versions prior to 4.1.23, 4.2.16, and 4.3.4, when the visibility for domain blocks/reasons is set to "users" (localized English string: "To logged-in users"), users that are not yet approved can view the block reasons. Instance admins that do not want their domain blocks to be public are impacted. Versions 4.1.23, 4.2.16, and 4.3.4 fix the issue.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 27th, 2025 (4 months ago)
|
CVE-2025-27157 |
Description: Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on `/auth/setup`. Without those rate limits, an attacker can craft requests that will send an email to an arbitrary address. Versions 4.2.16 and 4.3.4 fix the issue.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
February 27th, 2025 (4 months ago)
|
CVE-2025-1745 |
Description: A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. This vulnerability affects unknown code of the component Logout. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.02% SSVC Exploitation: poc
February 27th, 2025 (4 months ago)
|
CVE-2025-1743 |
Description: A vulnerability, which was classified as critical, was found in zyx0814 Pichome 2.1.0. This affects an unknown part of the file /index.php?mod=textviewer. The manipulation of the argument src leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9) EPSS Score: 0.06% SSVC Exploitation: poc
February 27th, 2025 (4 months ago)
|
CVE-2025-1742 |
Description: A vulnerability, which was classified as problematic, has been found in pihome-shc PiHome 2.0. Affected by this issue is some unknown functionality of the file /home.php. The manipulation of the argument page_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 27th, 2025 (4 months ago)
|
Description: Bangladesh Civilian Force Targeted the Website of Indian Air Force
February 27th, 2025 (4 months ago)
|
Description: A Threat Actor Claims to be Selling VPN Access to Argentina Government
February 27th, 2025 (4 months ago)
|
Description: Microsoft has named multiple threat actors part of a cybercrime gang accused of developing malicious tools capable of bypassing generative AI guardrails to generate celebrity deepfakes and other illicit content. [...]
February 27th, 2025 (4 months ago)
|
CVE-2025-1691 |
Description: The MongoDB Shell may be susceptible to control character injection, where an attacker with control of the mongosh autocomplete feature can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete text that is a prefix of the attacker’s prepared autocompletion. This issue affects mongosh versions prior to 2.3.9.
The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1691
https://jira.mongodb.org/browse/MONGOSH-2024
https://github.com/advisories/GHSA-43g5-2wr2-q7vj
CVSS: HIGH (7.6) EPSS Score: 0.05%
February 27th, 2025 (4 months ago)
|