Threat and Vulnerability Intelligence Database

CVE-2025-1606

Description: A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-1488

Description: The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation of the redirect URL supplied via the 'redirect_to' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1. they can successfully trick them into performing an action and 2. the plugin is activated but not configured.

CVSS: MEDIUM (4.7)

EPSS Score: 0.02%

Source: CVE
February 24th, 2025 (4 months ago)
Australia Bans Kaspersky Over National Security Concerns

Description: The Australian government has officially banned the use of Kaspersky Lab's cybersecurity products and web services across all government systems, citing national security risks. The ban, outlined in PSPF Direction 002-2025, requires all non-corporate Commonwealth entities to remove existing Kaspersky software and prevent future installations by April 1, 2025. The directive was issued by Stephanie …

Source: CyberInsider
February 24th, 2025 (4 months ago)

Description: Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers. The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC)

Source: TheHackerNews
February 24th, 2025 (4 months ago)

Description: Ransomware doesn’t hit all at once—it slowly floods your defenses in stages. Like a ship taking on water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it’s too late to stop the flood. Each stage of a ransomware attack offers a small window to detect and stop the threat before it’s too late. The problem is

Source: TheHackerNews
February 24th, 2025 (4 months ago)

Description: Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns. "After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data,

Source: TheHackerNews
February 24th, 2025 (4 months ago)

Record $1.5 billion Bybit hack undermines trust in crypto security

Description: The cryptocurrency industry has been rocked by the largest digital asset theft in history, as hackers stole approximately $1.5 billion from Bybit, a Dubai-based crypto exchange. Initial investigations suggest the attackers manipulated a multisig cold wallet by deceiving signers through a compromised user interface (UI), marking a significant evolution in attack tactics. Cybersecurity firms, including …

Source: CyberInsider
February 24th, 2025 (4 months ago)

CVE-2025-25279

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system by importing and exporting a specially crafted import archive in Boards.

CVSS: CRITICAL (9.9)

EPSS Score: 4.4%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-24526

Description: Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the "Allow users to view archived channels" setting is disabled, which allows a user to export channel contents when they should not have access to them.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)

CVE-2025-24490

Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to use prepared statements in the SQL query for board reordering, which allows an attacker to retrieve data from the database via SQL injection when reordering specially crafted board categories.

CVSS: CRITICAL (9.6)

EPSS Score: 0.03%

Source: CVE
February 24th, 2025 (4 months ago)