CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-23687 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in simonhunter Woo Store Mode allows Reflected XSS. This issue affects Woo Store Mode: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
February 27th, 2025 (4 months ago)
|
|
CVE-2025-0914 |
Description: An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.
CVSS: LOW (3.8) EPSS Score: 0.03% SSVC Exploitation: none
February 27th, 2025 (4 months ago)
|
|
CVE-2024-9285 |
Description: A vulnerability was found in Tu Yafeng Via Browser up to 5.9.0 on Android. It has been rated as problematic. This issue affects some unknown processing of the component Javascript Bridge. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. Eine Schwachstelle wurde in Tu Yafeng Via Browser bis 5.9.0 für Android ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Komponente Javascript Bridge. Mittels dem Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 27th, 2025 (4 months ago)
|
|
Description: miyako Claims to be Selling Access to an Unidentified Internet Service Provider in Bosnia
February 27th, 2025 (4 months ago)
|
|
CVE-2021-29999 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Communication modules for Modicon M580 and Quantum controllers
Vulnerability: Out-of-bounds Write
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following communication modules for Modicon M580 and Quantum controllers are affected by a vulnerability in VxWorks operating system:
Modicon M580 communication modules BMENOC BMENOC0321: Versions prior to SV1.10
Modicon M580 communication modules BMECRA BMECRA31210: All versions
Modicon M580/Quantum communication modules BMXCRA BMXCRA31200: All versions
Modicon M580/Quantum communication modules BMXCRA BMXCRA31210: All versions
Modicon Quantum communication modules 140CRA 140CRA31908: All versions
Modicon Quantum communication modules 140CRA 140CRA31200: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS WRITE CWE-787
A possible stack overflow in dhcp server was discovered in Wind River VxWorks through 6.8.
CVE-2021-29999 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critic...
CVSS: CRITICAL (9.8)
February 27th, 2025 (4 months ago)
|
|
CVE-2025-20060 |
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Dario Health
Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure
Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without Access Control, Cleartext Transmission of Sensitive Information, Cross-site Scripting (XSS), Sensitive Cookie Without 'HttpOnly' Flag, Exposure of Sensitive Information Due To Incompatible Policies
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to expose information, inject code, manipulate data, or achieve cross-site scripting (XSS), resulting in full session compromise.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Dario Health products are affected:
USB-C Blood Glucose Monitoring System Starter Kit Android Applications: Versions 5.8.7.0.36 and prior
Dario Application Database and Internet-based Server Infrastructure: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 EXPOSURE OF PRIVATE PERSONAL INFORMATION TO AN UNAUTHORIZED ACTOR CWE-359
An attacker could expose cross-user Personal Identifiable Information (PII) and personal health information transmitted to the Android device via the Dario Health application database.
CVE-2025-20060 has been assigned to this vulnerability. A CVSS v3.1 ...
EPSS Score: 0.09%
February 27th, 2025 (4 months ago)
|
|
|
Description: miyako Claims to be Selling Access to an Unidentified Chinese Computer Store
February 27th, 2025 (4 months ago)
|
|
|
Description: It took about 24 hours for Alibaba’s Wan 2.1 to become popular in the AI porn community.
February 27th, 2025 (4 months ago)
|
|
|
Description: Arikos Claims to be Selling the Data of OurSMS
February 27th, 2025 (4 months ago)
|
|
|
Description: The Belgian federal prosecutor's office is investigating whether Chinese hackers were behind a breach of the country's State Security Service (VSSE). [...]
February 27th, 2025 (4 months ago)
|