CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-57971
DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at...
Description: DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does not ensure that java:comp/env/jdbc/ occurs at the beginning of a JNDI Name.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2024-57970
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it...
Description: libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.

CVSS: MEDIUM (4.0)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2024-44044
WordPress Oshine Modules plugin < 3.3.8 - Reflected Cross Site Scripting (XSS) vulnerability
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2024-0532
Tenda A15 Web-based Management Interface WifiExtraSet set_repeat5 stack-based overflow
Description: A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Tenda A15 15.13.07.13 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Betroffen ist die Funktion set_repeat5 der Datei /goform/WifiExtraSet der Komponente Web-based Management Interface. Dank Manipulation des Arguments wpapsk_crypto2_4g/wpapsk_crypto5g mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.6)

EPSS Score: 0.78%

Source: CVE
February 17th, 2025 (5 months ago)
New FinalDraft malware abuses Outlook mail service for stealthy comms
Description: A new malware called FinalDraft has been using Outlook email drafts for command-and-control communication in attacks against a ministry in a South American country. [...]
Source: BleepingComputer
February 17th, 2025 (5 months ago)
Google Chrome's AI-powered security feature rolls out to everyone
Description: Google Chrome has updated the existing "Enhanced protection" feature with AI to offer "real-time" protection against dangerous websites, downloads and extensions.  [...]
Source: BleepingComputer
February 17th, 2025 (5 months ago)
Fujitsu worries US tariffs will see its clients slow digital spend
Source: TheRegister
February 17th, 2025 (5 months ago)
GHNA Claims to be Selling Access to a Hong Kong-Based Cryptocurrency Staking Company
Description: GHNA Claims to be Selling Access to a Hong Kong-Based Cryptocurrency Staking Company
Source: DarkWebInformer
February 16th, 2025 (5 months ago)
This open text-to-speech model needs just seconds of audio to clone your voice
Source: TheRegister
February 16th, 2025 (5 months ago)
Mr Hamza Targeted the Website of Israel Defense Forces
Description: Mr Hamza Targeted the Website of Israel Defense Forces
Source: DarkWebInformer
February 16th, 2025 (5 months ago)