
Threat and Vulnerability Intelligence Database

CVE-2025-26495

Description: Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories. This issue affects Tableau Server: before 2022.1.3, before 2021.4.8, before 2021.3.13, before 2021.2.14, before 2021.1.16, before 2020.4.19.

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26494

Description: Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server allows Authentication Bypass. This issue affects Tableau Server: from 2023.3 through 2023.3.5.

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26493

Description: In JetBrains TeamCity before 2024.12.2, several DOM-based XSS were possible on the Code Inspection Report tab.

CVSS: MEDIUM (4.6)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26492

Description: In JetBrains TeamCity before 2024.12.2, improper Kubernetes connection settings could expose sensitive resources.

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26491

Description: A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Server-side request forgery (SSRF) vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 001534936.

CVSS: HIGH (7.7)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26490

Description: A vulnerability has been identified in Opcenter Intelligence (All versions < V2501). Personal access token disclosure vulnerability in Tableau Server. For details go to help.salesforce.com and search for knowledge article id 000390611.

CVSS: MEDIUM (4.9)

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26411

Description: An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0.

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26410

Description: The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered credentials can be used to log into the device via the login shell that is exposed by the serial interface. The backdoor user has been removed in firmware BSP >= 6.4.1.

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26409

Description: A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in recent firmware versions BSP >= 6.4.1.

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)

CVE-2025-26408

Description: The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected.

EPSS Score: 0.04%

Source: CVE
February 12th, 2025 (5 months ago)