CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2024-46226

Description: A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket.

EPSS Score: 0.04%

SSVC Exploitation: poc

Source: CVE
February 26th, 2025 (4 months ago)
Description: Hacktivist Heaven Defaced the Website of Bangladesh Digital University
Source: DarkWebInformer
February 26th, 2025 (4 months ago)
Description: HOLT CAT Has Fallen Victim to Cactus Ransomware
Source: DarkWebInformer
February 26th, 2025 (4 months ago)
Description: The immensely popular memecoin generator Pump.fun had its X account hacked to promote a fake "PUMP" token cryptocurrency scam. [...]
Source: BleepingComputer
February 26th, 2025 (4 months ago)

CVE-2025-20111

Description: A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n3kn9k-healthdos-eOqSWK4g This advisory is part of the February 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: High CVE: CVE-2025-20111

EPSS Score: 0.04%

Source: Cisco Security Advisory
February 26th, 2025 (4 months ago)

CVE-2025-20161

Description: A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with valid Administrator credentials to execute a command injection attack on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of specific elements within a software image. An attacker could exploit this vulnerability by installing a crafted image. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.  Note: Administrators should validate the hash of any software image before installation. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ici-dpOjbWxk This advisory is part of the February 2025 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: February 2025 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. Security Impact Rating: Medium CVE: CVE-2025-20161

EPSS Score: 0.23%

Source: Cisco Security Advisory
February 26th, 2025 (4 months ago)

CVE-2025-20116

Description: Multiple vulnerabilities in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated attacker to access sensitive information, execute arbitrary commands, cause a denial of service (DoS) condition, or perform cross-site scripting (XSS) attacks. To exploit these vulnerabilities, the attacker must have valid administrative credentials. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-multi-vulns-9ummtg5 Security Impact Rating: Medium CVE: CVE-2025-20116,CVE-2025-20117,CVE-2025-20118,CVE-2025-20119

EPSS Score: 0.03%

Source: Cisco Security Advisory
February 26th, 2025 (4 months ago)
Description: Windows Active Directory (AD) service accounts are prime cyber-attack targets due to their elevated privileges and automated/continuous access to important systems. Learn from Specops Software about five best practices to help secure your Active Directory service accounts. [...]
Source: BleepingComputer
February 26th, 2025 (4 months ago)
Description: A threat actor tracked as 'EncryptHub,' aka Larva-208,  has been targeting organizations worldwide with spear-phishing and social engineering attacks to gain access to corporate networks. [...]
Source: BleepingComputer
February 26th, 2025 (4 months ago)

CVE-2025-25827

Description: A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.

EPSS Score: 0.02%

Source: CVE
February 26th, 2025 (4 months ago)