Description: Summary
Arbitrary remote code execution via cross-site WebSocket hijacking (CSWSH) when a user visits a malicious website while the Vitest API server is listening.
Details
When the api option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not check the Origin header and had no authorization mechanism, so it was vulnerable to CSWSH attacks.
https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L32-L46
This WebSocket server exposes a saveTestFile API that can edit a test file and a rerun API that reruns the tests. An attacker can execute arbitrary code by injecting code into a test file through the saveTestFile API and then running that file by calling the rerun API.
https://github.com/vitest-dev/vitest/blob/9a581e1c43e5c02b11e2a8026a55ce6a8cb35114/packages/vitest/src/api/setup.ts#L66-L76
PoC
Open Vitest UI.
Access a malicious website with the script below.
If you have a calc executable in your PATH environment variable (you likely do if you are running on Windows), that application will be executed.
// code from https://github.com/WebReflection/flatted
const Flatted=function(n){"use strict";function t(n){return t="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(n){return typeof n}:function(n){return n&&"function"==typeof Symbol&&n.constructor===Symbol&&n!==Symbol.prototype?"symbol":typeof n},t(n)}var r=JSON.parse,e=JSON.stringify,o=Object.keys,u=String,f="string",i={...
February 4th, 2025 (5 months ago)
Description: Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as soon as possible. [...]
February 4th, 2025 (5 months ago)
Description: A Threat Actor is Selling a Fake Safeguard Bot
February 4th, 2025 (5 months ago)
Description: Outlining the expectations for the minimum requirement for forensic visibility, to help network defenders secure organisational networks both before and after a compromise.
February 4th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling the Data of Transak
February 4th, 2025 (5 months ago)
Description: A Threat Actor is Selling an Advanced FUD PowerShell-to-EXE Converter Tool
February 4th, 2025 (5 months ago)
Description: A Threat Actor is Selling HANNIBAL Stealer
February 4th, 2025 (5 months ago)
Description: Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.
The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to
February 4th, 2025 (5 months ago)
CVE-2025-0630
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 6.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Western Telematic Inc
Equipment: NPS Series, DSM Series, CPM Series
Vulnerability: External Control of File Name or Path
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to gain privileged access to files on the device's filesystem.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Western Telematic Inc products are affected:
Network Power Switch (NPS Series): Firmware Version 6.62 and prior
Console Server (DSM Series): Firmware Version 6.62 and prior
Console Server + PDU Combo Unit (CPM Series): Firmware Version 6.62 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 External Control of File Name or Path CWE-73
Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a Local File Inclusion Attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.
CVE-2025-0630 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2025-0630. A base score of 6.0 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Communications
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: United States
...
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
CVE-2024-11425
Description: View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.7
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC
Vulnerability: Incorrect Calculation of Buffer Size
2. RISK EVALUATION
Successful exploitation of this vulnerability could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Modicon M580 PLCs, BMENOR2200H and EVLink Pro AC are affected:
Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety): Versions prior to SV4.30
Modicon M580 CPU Safety (part numbers BMEP58-S and BMEH58-S): Versions prior to SV4.21
BMENOR2200H: All versions
EVLink Pro AC: Versions prior to v1.3.10
3.2 VULNERABILITY OVERVIEW
3.2.1 INCORRECT CALCULATION OF BUFFER SIZE CWE-131
The affected product is vulnerable to an incorrect calculation of buffer size vulnerability, which could cause a denial-of-service of the product when an unauthenticated user sends a crafted HTTPS packet to the webserver.
CVE-2024-11425 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
A CVSS v4 score has also been calculated for CVE-2024-11425. A base score of 8.7 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGRO...
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)