CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-1115
RT-Thread lwp_syscall.c sys_thread_create information disclosure
Description: A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally. In RT-Thread bis 5.1.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion sys_thread_create der Datei rt-thread/components/lwp/lwp_syscall.c. Dank Manipulation des Arguments arg[0] mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden.

CVSS: LOW (3.3)

EPSS Score: 0.05%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2025-0316
WP Directorybox Manager <= 2.5 - Authentication Bypass
Description: The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2025-0169
DWT - Directory & Listing WordPress Theme <=3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2024-54176
IBM UrbanCode Deploy missing authentication
Description: IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2024-31419
Cnv: information disclosure through the usage of vm-dump-metrics
Description: An information disclosure flaw was found in OpenShift Virtualization. The DownwardMetrics feature was introduced to expose host metrics to virtual machine guests and is enabled by default. This issue could expose limited host metrics of a node to any guest in any namespace without being explicitly enabled by an administrator.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2024-1722
Keycloak-core: dos via account lockout
Description: A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

CVSS: LOW (3.7)

EPSS Score: 0.07%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2024-1454
Opensc: memory use after free in authentic driver when updating token info
Description: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.

EPSS Score: 0.05%

Source: CVE
February 9th, 2025 (5 months ago)

CVE-2024-13850
Simple add pages or posts <= 2.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

CVSS: MEDIUM (5.5)

EPSS Score: 0.05%

Source: CVE
February 9th, 2025 (5 months ago)
Keymous Targeted the Website of Polish Police
Description: Keymous Targeted the Website of Polish Police
Source: DarkWebInformer
February 8th, 2025 (5 months ago)
A Threat Actor Claims to have Leaked the Data of VideoToolBox
Description: A Threat Actor Claims to have Leaked the Data of VideoToolBox
Source: DarkWebInformer
February 8th, 2025 (5 months ago)