CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-26531

Description: Insufficient capability checks made it possible to disable badges a user does not have permission to access.

CVSS: LOW (3.1)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)
Description: Summary: A bypass was found for the security feature trustedOrigins. It works for wildcard or absolute URL trustedOrigins configs and opens the victim's website to an Open Redirect vulnerability, which can be used to steal the reset password token of a victim's account by changing the "callbackURL" parameter value to a website owned by the attacker.

Details

Absolute URLs: The issue here appears in the middleware, specifically. This protection is not sufficient and it allows attackers to get an open redirect by using the payload /\/example.com. We can check this is a valid URL (or it will be a valid URL because the URL parser fixes it for us) by checking the image below:

    // trustedOrigins = [ "https://example.com" ]
    validateURL("https://attacker.com", "callbackURL") // ❌ APIError, No Redirect
    validateURL("/\/attacker.com", "callbackURL") // ✅ Redirect to http://attacker.com

Regex: The issue here is that the regex is not strong enough: [^/\\]*?\.example\.com[/\\]*? (this is the regex that will be created if we have a wildcard as config), but we can bypass it by using a payload like:

    // trustedOrigins = [ "*.example.com" ]
    ┌──────────────────┐       ┌────────────────┐       ┌─────────────────┐
    │ None of [ "/\" ] │ ────▶ │ ".example.com" │ ────▶ │ One of [ "/\" ] │
    └──────────────────┘       └────────────────┘       └─────────────────┘
    demo                       .example.com             /                    ✅ Redirect to https://example.com
    d...
Source: Github Advisory Database (NPM)
February 24th, 2025 (4 months ago)

CVE-2025-26803

Description: The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-26803
https://github.com/phusion/passenger/commit/bb15591646687064ab2d578d5f9660b2a4168017
https://blog.phusion.nl/2025/02/19/passenger-6-0-26
https://github.com/phusion/passenger/compare/release-6.0.25...release-6.0.26
https://github.com/phusion/passenger/releases/tag/release-6.0.26
https://www.phusionpassenger.com/support
https://github.com/advisories/GHSA-2cj2-qqxj-5m3r

EPSS Score: 0.18%

Source: Github Advisory Database (RubyGems)
February 24th, 2025 (4 months ago)
Description: Treasury workers don't know who the person is or why he is sending emails from a "Secretary of the Treasury" email address.
Source: 404 Media
February 24th, 2025 (4 months ago)
Description: Russia's National Coordination Center for Computer Incidents (NKTsKI) is warning organizations in the country's credit and financial sector about a breach at LANIT, a major Russian IT service and software provider. [...]
Source: BleepingComputer
February 24th, 2025 (4 months ago)

CVE-2025-27364

Description: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web request to the Caldera server API used for compiling and downloading of Caldera's Sandcat or Manx agent (implants). This web request can use the gcc -extldflags linker flag with sub-commands.

CVSS: CRITICAL (10.0)

EPSS Score: 0.56%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26530

Description: The question bank filter required additional sanitizing to prevent a reflected XSS risk.

CVSS: HIGH (8.3)

EPSS Score: 0.05%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26529

Description: Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

CVSS: HIGH (8.3)

EPSS Score: 0.05%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26528

Description: The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

CVSS: LOW (3.4)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-26527

Description: Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 24th, 2025 (4 months ago)