Description: The U.S. Department of Health and Human Services (HHS) is wasting workers’ time and taxpayer dollars on “a witch hunt to find any content deemed ‘bad,’” according to a source familiar with the work and internal communications viewed by 404 Media. Specifically, people who
February 21st, 2025 (5 months ago)
|
CVE-2025-26014 |
Description: A Remote Code Execution (RCE) vulnerability in Loggrove v.1.0 allows a remote attacker to execute arbitrary code via the path parameter.
EPSS Score: 0.07%
February 21st, 2025 (5 months ago)
|
CVE-2025-26013 |
Description: An issue in Loggrove v.1.0 allows a remote attacker to obtain sensitive information via the read.py component.
EPSS Score: 0.05%
February 21st, 2025 (5 months ago)
|
CVE-2025-1546 |
Description: A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the argument start_code leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (6.9) EPSS Score: 7.3%
February 21st, 2025 (5 months ago)
|
CVE-2025-1403 |
Description: Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.
CVSS: HIGH (8.6) EPSS Score: 0.12%
February 21st, 2025 (5 months ago)
|
CVE-2024-45673 |
Description: IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
February 21st, 2025 (5 months ago)
|
Description: Stateside Has Been Claimed a Victim to INC RANSOM Ransomware
February 21st, 2025 (5 months ago)
|
Description: An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country.
Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order
February 21st, 2025 (5 months ago)
|
Description: Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data.
The development was first reported by Bloomberg.
ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its
February 21st, 2025 (5 months ago)
|
Description: This week, we discuss the new Murderbot show, ChatGPT for journalism, and birdwatching from afar.
February 21st, 2025 (5 months ago)
|