CVE-2025-27105 |
Description: vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 21st, 2025 (5 months ago)
|
CVE-2025-27104 |
Description: vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects produced in the loop body (e.g. read a storage variable updated in the loop body) and thus lead to unexpected program behavior. Specifically, reads in iterators which contain an ifexp (e.g. `for s: uint256 in ([read(), read()] if True else [])`) may interleave reads with writes in the loop body. Vyper for loops allow two kinds of iterator targets, namely the `range()` builtin and an iterable type, like SArray and DArray. During codegen, iterable lists are required to not produce any side-effects (in the following code, `range_scope` forces `iter_list` to be parsed in a constant context, which is checked against `is_constant`). However, this does not prevent the iterator from consuming side effects provided by the body of the loop. For SArrays on the other hand, `iter_list` is instantiated in the body of a `repeat` ir, so it can be evaluated several times. This issue is being addressed and is expected to be available in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 21st, 2025 (5 months ago)
|
CVE-2025-26622 |
Description: vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the Babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating final states may lead to sqrt incorrectly returning rounded up results. This issue is being addressed and a fix is expected in version 0.4.1. Users are advised to upgrade as soon as the patched release is available. There are no known workarounds for this vulnerability.
CVSS: LOW (2.3) EPSS Score: 0.03%
February 21st, 2025 (5 months ago)
|
CVE-2025-25282 |
Description: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list user from other tenant (e.g., via GET //user/list), add user account to other tenant (POST //user). This issue has not yet been patched. Users are advised to reach out to the project maintainers to coordinate a fix.
CVSS: HIGH (8.1) EPSS Score: 0.03%
February 21st, 2025 (5 months ago)
|
CVE-2025-27100 |
Description: Impact
An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue.
Patches
This problem has been patched and exists in versions 1.49.1 and below
Workarounds
On S3 backends, configure
    # ...
    blockstore:
      s3:
        disable_pre_signed_multipart: true
or set environment variable `LAKEFS_BLOCKSTORE_S3_DISABLE_PRE_SIGNED_MULTIPART` to `true`.
References
https://github.com/treeverse/lakeFS/security/advisories/GHSA-j7jw-28jm-whr6
https://nvd.nist.gov/vuln/detail/CVE-2025-27100
https://github.com/treeverse/lakeFS/commit/3a625752acdf3f8e137bec20451e71d0f9fa82f2
https://github.com/advisories/GHSA-j7jw-28jm-whr6
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 21st, 2025 (5 months ago)
|
CVE-2025-1403 |
Description: Impact
A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payload.
Patches
This issue is addressed in 1.3.0 when using QPY format version 13. QPY format versions 10, 11, and 12 are all still inherently vulnerable if they are using symengine symbolic encoding and symengine <= 0.13.0 is installed in the deserializing environment (as of publishing there is no newer compatible release of symengine available). Using QPY 13 is strongly recommended for this reason.
The symengine 0.14.0 release has addressed the segfault issue, but it is backward incompatible and will not work with any Qiskit release; it also prevents loading a payload generated with any other version of symengine. Using QPY 13 is strongly recommended for this reason.
It is also strongly suggested to patch the locally installed version of symengine in the deserializing environment to prevent the specific segfault. The commit [1] can be applied on top of symengine 0.13.0 and used to build a patched python library that will not segfault in the presence of a malformed payload and instead raise a RuntimeError which will address the vulnerability.
Workarounds
As QPY is backwards compatible qiskit.qpy.load() function will always attempt to deserialize the symengine-serialized payloads in QPY...
CVSS: HIGH (8.6) EPSS Score: 0.12%
February 21st, 2025 (5 months ago)
|
Description: One of 2024's most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.
February 21st, 2025 (5 months ago)
|
CVE-2025-1555 |
Description: A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. A vulnerability was discovered in hzmanyun Education and Training System 3.1.1. It has been classified as critical. This affects the function saveImage. Manipulating the argument file with unknown data can be used to exploit an unrestricted upload vulnerability. The attack can be launched over the network. The exploit is publicly available.
CVSS: MEDIUM (6.9) EPSS Score: 0.06%
February 21st, 2025 (5 months ago)
|
Description: Google continues its rollout of gradually disabling uBlock Origin and other Manifest V2-based extensions in the Chrome web browser as part of its efforts to push users to Manifest V3-based extensions. [...]
February 21st, 2025 (5 months ago)
|