CVE-2024-45337 |
Description:
Nessus Plugin ID 214928 with Critical Severity
Synopsis
The remote Amazon Linux 2 host is missing a security update.
Description
The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-049 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does...
EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2024-53104 |
Description: Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
CVE-2025-21396 |
Description: Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.
The flaws are listed below -
CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability
CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service
EPSS Score: 0.09%
February 4th, 2025 (5 months ago)
|
Description: Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.
This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf
February 4th, 2025 (5 months ago)
|
Description: WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability.
February 4th, 2025 (5 months ago)
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
February 4th, 2025 (5 months ago)
|
Description: In November 2024, the South Korean education platform PoinCampus suffered a data breach which was later published to a popular hacking forum. The data included 89k unique email addresses, names and a small number of phone numbers and dates of birth. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
February 4th, 2025 (5 months ago)
|
CVE-2025-25181 |
🚨 Marked as known exploited on March 10th, 2025 (4 months ago).
Description: A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
CVSS: MEDIUM (5.8) EPSS Score: 0.05%
February 4th, 2025 (5 months ago)
|
CVE-2025-25066 |
Description: nDPI through 4.12 has a potential stack-based buffer overflow in ndpi_address_cache_restore in lib/ndpi_cache.c.
CVSS: HIGH (8.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|