CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...]
February 10th, 2025 (5 months ago)
|
|
|
Description: By Aleksandar NikolichEarlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing
February 10th, 2025 (5 months ago)
|
|
|
February 10th, 2025 (5 months ago)
|
|
|
Description: In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack.
This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question
February 10th, 2025 (5 months ago)
|
CVE-2025-1175 |
Description: Cross-Site Scripting (XSS) vulnerability in Kelio Visio
Mon, 02/10/2025 - 13:15
Aviso
Affected Resources
Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4: versions between 3.2C and 5.1K.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting Kelio Visio 1, Visio X7 and Visio X4, a touch-screen punch terminal, which has been discovered by Ismael Pacheco Torrecilla.This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:CVE-2025-1175: CVSS v3.1: 6.1 | CVSS AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | CWE-79
Identificador
INCIBE-2025-0068
3 - Medium
Solution
The vulnerability has been fixed by the Kelio Visio team in versions 4.5E11, 4.6K5 and 5.1L8.
Detail
CVE-2025-1175: Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’ parameter of the ‘/PageLoginVisio.do’ endpoint.
References list
Product sheet - Kelio Visio
...
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
|
|
Description: Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture.
With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for
February 10th, 2025 (5 months ago)
|
|
CVE-2025-25064 |
Description: Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.
The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting
EPSS Score: 0.05%
February 10th, 2025 (5 months ago)
|
|
|
February 10th, 2025 (5 months ago)
|
|
CVE-2024-13176 |
Description:
Nessus Plugin ID 215165 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0349-1 advisory. - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/215165
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|
|
CVE-2024-13176 |
Description:
Nessus Plugin ID 215166 with Medium Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0387-1 advisory. - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libopenssl-3-devel, libopenssl3 and / or openssl-3 packages.
Read more at https://www.tenable.com/plugins/nessus/215166
EPSS Score: 0.04%
February 10th, 2025 (5 months ago)
|