CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
A Threat Actor Allegedly Leaked the Data of V2F Company
Description: A Threat Actor Allegedly Leaked the Data of V2F Company
Source: DarkWebInformer
February 6th, 2025 (5 months ago)
[rudloff/rtmpdump-bin] Multiple rtmpdump vulnerabilities
Description: The version of rtmpdump contained in this package has multiple known vulnerabilities. Patches This package is abandoned and should not be used anymore. There is no patched release. Workarounds You should install rmtpdump from another source. References https://github.com/advisories/GHSA-fm48-q5qq-894j https://github.com/advisories/GHSA-pfv7-grcx-8gcc https://github.com/advisories/GHSA-hg4c-2mw4-gwpm References https://github.com/Rudloff/rtmpdump-bin/security/advisories/GHSA-vrpv-vw92-328g https://github.com/advisories/GHSA-fm48-q5qq-894j https://github.com/advisories/GHSA-hg4c-2mw4-gwpm https://github.com/advisories/GHSA-pfv7-grcx-8gcc https://github.com/advisories/GHSA-vrpv-vw92-328g
Source: Github Advisory Database (Composer)
February 6th, 2025 (5 months ago)
[mitmproxy] Mitmweb API Authentication Bypass Using Proxy Server
Description: Impact In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server (bound to *:8080 by default) to access mitmweb's internal API (bound to 127.0.0.1:8081 by default). In other words, while the client cannot access the API directly (good), they can access the API through the proxy (bad). An attacker may be able to escalate this SSRF-style access to remote code execution. The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. The block_global option, which is enabled by default, blocks connections originating from publicly-routable IP addresses in the proxy. The attacker needs to be in the same local network. Patches The vulnerability has been fixed in mitmproxy 11.1.2 and above. Acknowledgements We thank Stefan Grönke (@gronke) for reporting this vulnerability as part of a security audit by Radically Open Security. This audit was supported by the NGI0 Entrust fund established by NLnet. Timeline 2025-01-14: Received initial report. 2025-01-14: Verified report and confirmed receipt. 2025-01-19: Shared patch with researcher. 2025-02-04: Received final confirmation that patch is working. 2025-02-05: Published patched release and advisory. References https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p https://github.com/mitmproxy/mitmproxy/commit/fa89055e196d953f11fd241e36ee37858993486a https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md https://github.com/advisories/GHSA-wg33-5h85-7q5p
Source: Github Advisory Database (PIP)
February 6th, 2025 (5 months ago)
SimpleHelp RMM flaws exploited to breach corporate networks
Description: Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. [...]
Source: BleepingComputer
February 6th, 2025 (5 months ago)

CVE-2025-0411
7-Zip Mark of the Web Bypass Vulnerability
Description: 7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user.

CVSS: HIGH (7.0)

EPSS Score: 0.4%

Source: CISA KEV
February 6th, 2025 (5 months ago)

CVE-2022-23748
Dante Discovery Process Control Vulnerability
Description: Dante Discovery contains a process control vulnerability in mDNSResponder.exe that all allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code.

CVSS: HIGH (7.8)

Source: CISA KEV
February 6th, 2025 (5 months ago)

CVE-2024-21413
Microsoft Outlook Improper Input Validation Vulnerability
Description: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

CVSS: CRITICAL (9.8)

Source: CISA KEV
February 6th, 2025 (5 months ago)

CVE-2020-29574
CyberoamOS (CROS) SQL Injection Vulnerability
Description: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

CVSS: CRITICAL (9.8)

Source: CISA KEV
February 6th, 2025 (5 months ago)

CVE-2020-15069
Sophos XG Firewall Buffer Overflow Vulnerability
Description: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

CVSS: CRITICAL (9.8)

Source: CISA KEV
February 6th, 2025 (5 months ago)
Counter Claims to have Leaked the Data of Ten Ten Shoes
Description: Counter Claims to have Leaked the Data of Ten Ten Shoes
Source: DarkWebInformer
February 6th, 2025 (5 months ago)