Threat and Vulnerability Intelligence Database

CVE-2025-25743

Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module.

EPSS Score: 0.05%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25742

Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module.

EPSS Score: 0.1%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25741

Description: D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the IPv6_PppoePassword parameter in the SetIPv6PppoeSettings module.

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25351

Description: PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the dateexpense parameter.

EPSS Score: 0.11%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25349

Description: PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection in /dets/add-expense.php via the costitem parameter.

EPSS Score: 0.11%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25343

Description: Tenda AC6 V15.03.05.16 firmware has a buffer overflow vulnerability in the formexeCommand function.

EPSS Score: 0.12%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25283

Description: parse-duration is software that converts a human-readable duration string to milliseconds. Versions prior to 2.1.3 are vulnerable to two issues: an event loop delay caused by the CPU-bound work of resolving the provided string (from 0.5 ms up to ~50 ms per operation, for input sizes from 0.01 MB up to 4.3 MB respectively), and an out-of-memory condition that crashes a running Node.js application when given a string of roughly 10 MB containing Unicode characters. Version 2.1.3 contains a patch.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25205

Description: Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like "/api/items/1/cover" in a query parameter (?r=/api/items/1/cover) to partially bypass authentication or trigger server crashes under certain routes. This could lead to information disclosure of otherwise protected data and, in some cases, a complete denial of service (server crash) if downstream code expects an authenticated user object. Version 2.19.1 contains a patch for the issue.

CVSS: HIGH (8.2)

EPSS Score: 0.05%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25201

Description: Nitrokey 3 Firmware is the firmware of Nitrokey 3 USB keys. In release 1.8.0, and in test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could compromise the integrity of the data stored in the application: an attacker without the proper administration key would be able to generate new keys and overwrite certificates. Such an attacker would not be able to read out or extract existing private data, nor gain access to cryptographic operations that normally require PIN-based authentication. The issue is fixed in piv-authenticator 0.3.9 and in Nitrokey firmware 1.8.1.

CVSS: MEDIUM (4.0)

EPSS Score: 0.05%

Source: CVE
February 13th, 2025 (5 months ago)

CVE-2025-25200

Description: Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex (one prone to catastrophic backtracking) to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP headers. This can be exploited to carry out a Denial-of-Service attack. Versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3 fix the issue.

CVSS: CRITICAL (9.2)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (5 months ago)