CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-0131

Description: NVIDIA GPU kernel driver for Windows and Linux contains a vulnerability where a potential user-mode attacker could read a buffer with an incorrect length. A successful exploit of this vulnerability might lead to denial of service.

CVSS: MEDIUM (4.4)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)
Description: The first Apple-notarized porn app, "Hot Tub," is now available to iPhone users in Europe through the alternative app marketplace, AltStore PAL. [...]
Source: BleepingComputer
February 4th, 2025 (5 months ago)

CVE-2025-24959

Description:

Impact: This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for security-sensitive operations. Applications that process untrusted input and pass it through dotenv.stringify are particularly vulnerable.

Patches: This issue has been patched in version 8.3.2. Users should immediately upgrade to this version to mitigate the vulnerability.

Workarounds: If upgrading is not feasible, users can mitigate the vulnerability by sanitizing user-controlled environment variable values before passing them to dotenv.stringify. Specifically, avoid using ", ', and backticks in values, or enforce strict validation of environment variables before usage.

References: Issue Report, Security Policy, Google Vulnerability Disclosure, Patch

References:
https://github.com/google/zx/security/advisories/GHSA-qwp8-x4ff-5h87
https://nvd.nist.gov/vuln/detail/CVE-2025-24959
https://github.com/google/zx/pull/1094
https://github.com/google/zx/commit/5ba714d14ecf0555a74d4db96622840ac19839c5
https://github.com/webpod/envapi/blob/v0.2.1/src/main/ts/envapi.ts#L74-L77
https://github.com/advisories/GHSA-qwp8-x4ff-5h87

EPSS Score: 0.04%

Source: Github Advisory Database (NPM)
February 3rd, 2025 (5 months ago)
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Source: TheRegister
February 3rd, 2025 (5 months ago)
Description: Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Description: Cybercriminals posted nearly 6,000 breaches to data-leak sites last year — and despite significant takedowns, continued to thrive in a record-breaking year for ransomware.
Source: Dark Reading
February 3rd, 2025 (5 months ago)
Description: Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. [...]
Source: BleepingComputer
February 3rd, 2025 (5 months ago)