CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-26531
IDOR in badges allows disabling of arbitrary badges
Description: Insufficient capability checks made it possible to disable badges a user does not have permission to access.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)
[better-auth] Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Description: Summary A bypass was found for the security feature trustedOrigins. This works for wild card or absolute URLs trustedOrigins configs and opens the victims website to a Open Redirect vulnerability, where it can be used to steal the reset password token of a victims account by changing the "callbackURL" parameter value to a website owned by the attacker. Details Absolute URLs The issue here appears in the middleware, specifically. This protection is not sufficiente and it allows attackers to get a open redirect, by using the payload /\/example.com. We can check this is a valid URL ( or it will be a valid URL because the URL parser fix it for us ), by checking the image bellow: // trustedOrigins = [ "https://example.com" ] validateURL("https://attacker.com", "callbackURL") // ❌ APIError, No Redirect validateURL("/\/attacker.com", "callbackURL") // ✅ Redirect to http://attacker.com Regex The issue here is because the regex is not strong enough [^/\\]*?\.example\.com[/\\]*? ( this is the regex it will be created if we have a wildcard as config ), but we can bypass by using a payload like: // trustedOrigins = [ "*.example.com" ] ┌──────────────────┐ ┌────────────────┐ ┌─────────────────┐ │ None of [ "/\" ] │ ────▶ │ ".example.com" │ ────▶ │ One of [ "/\" ] │ └──────────────────┘ └────────────────┘ └─────────────────┘ demo .example.com / ✅ Redirect to https://example.com d...
Source: Github Advisory Database (NPM)
February 24th, 2025 (4 months ago)

CVE-2025-26803
[passenger] Phusion Passenger denial of service
Description: The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method. References https://nvd.nist.gov/vuln/detail/CVE-2025-26803 https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017 https://blog.phusion.nl/2025/02/19/passenger-6-0-26 https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26 https://github.com/phusion/passenger/releases/tag/release-6.0.26 https://www.phusionpassenger.com/support https://github.com/advisories/GHSA-2cj2-qqxj-5m3r

EPSS Score: 0.18%

Source: Github Advisory Database (RubyGems)
February 24th, 2025 (4 months ago)
Former Heritage Foundation Staffer Orders Treasury Employees to Respond to Elon Musk’s Email
Description: Treasury workers don't know who the person is or why he is sending emails from a "Secretary of the Treasury" email address.
Source: 404 Media
February 24th, 2025 (4 months ago)
Russia warns financial sector of major IT service provider hack
Description: Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. [...]
Source: BleepingComputer
February 24th, 2025 (4 months ago)

CVE-2025-27364
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant)...
Description: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.

CVSS: CRITICAL (10.0)

EPSS Score: 0.56%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26530
Reflected XSS via question bank filter
Description: The question bank filter required additional sanitizing to prevent a reflected XSS risk.

CVSS: HIGH (8.3)

EPSS Score: 0.05%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26529
Stored XSS risk in admin live log
Description: Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

CVSS: HIGH (8.3)

EPSS Score: 0.05%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26528
Stored XSS in ddimageortext question type
Description: The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

CVSS: LOW (3.4)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26527
Non-searchable tags can still be discovered on the tag search page and in the tags block
Description: Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 24th, 2025 (4 months ago)