Threat and Vulnerability Intelligence Database

CVE-2025-25326

Description: An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.

EPSS Score: 0.02%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-25325

Description: An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.

EPSS Score: 0.02%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-25324

Description: An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.

EPSS Score: 0.02%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-25323

Description: An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.

EPSS Score: 0.02%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-23687

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simonhunter Woo Store Mode allows Reflected XSS. This issue affects Woo Store Mode: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-0914

Description: An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.

CVSS: LOW (3.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-9285

Description: A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. It has been rated as problematic. This issue affects some unknown processing of the component Javascript Bridge. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 27th, 2025 (4 months ago)

Description: miyako Claims to be Selling Access to an Unidentified Internet Service Provider in Bosnia
Source: DarkWebInformer
February 27th, 2025 (4 months ago)

CVE-2021-29999

Description:

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Communication modules for Modicon M580 and Quantum controllers
Vulnerability: Out-of-bounds Write

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Schneider Electric reports that the following communication modules for Modicon M580 and Quantum controllers are affected by a vulnerability in VxWorks operating system:

Modicon M580 communication modules BMENOC BMENOC0321: Versions prior to SV1.10
Modicon M580 communication modules BMECRA BMECRA31210: All versions
Modicon M580/Quantum communication modules BMXCRA BMXCRA31200: All versions
Modicon M580/Quantum communication modules BMXCRA BMXCRA31210: All versions
Modicon Quantum communication modules 140CRA 140CRA31908: All versions
Modicon Quantum communication modules 140CRA 140CRA31200: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

A possible stack overflow in dhcp server was discovered in Wind River VxWorks through 6.8. CVE-2021-29999 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critic...

CVSS: CRITICAL (9.8)

Source: All CISA Advisories
February 27th, 2025 (4 months ago)

CVE-2025-20060

Description:

1. EXECUTIVE SUMMARY

CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Dario Health
Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure
Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without Access Control, Cleartext Transmission of Sensitive Information, Cross-site Scripting (XSS), Sensitive Cookie Without 'HttpOnly' Flag, Exposure of Sensitive Information Due To Incompatible Policies

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow an attacker to expose information, inject code, manipulate data, or achieve cross-site scripting (XSS), resulting in full session compromise.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Dario Health products are affected:

USB-C Blood Glucose Monitoring System Starter Kit Android Applications: Versions 5.8.7.0.36 and prior
Dario Application Database and Internet-based Server Infrastructure: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 EXPOSURE OF PRIVATE PERSONAL INFORMATION TO AN UNAUTHORIZED ACTOR CWE-359

An attacker could expose cross-user Personal Identifiable Information (PII) and personal health information transmitted to the Android device via the Dario Health application database. CVE-2025-20060 has been assigned to this vulnerability. A CVSS v3.1 ...

EPSS Score: 0.09%

Source: All CISA Advisories
February 27th, 2025 (4 months ago)