CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
AngelSense Exposed GPS and Personal Data of Tracked Users
Description: AngelSense, a company specializing in GPS tracking and assistive technology for individuals with special needs, inadvertently exposed a vast amount of sensitive user data due to an unsecured Elasticsearch database. Researchers at UpGuard discovered the data exposure on January 17, 2025, and after multiple attempts to notify the company, the database was finally secured on … The post AngelSense Exposed GPS and Personal Data of Tracked Users appeared first on CyberInsider.
Source: CyberInsider
January 31st, 2025 (5 months ago)
Another banner year for ransomware gangs despite takedowns by the cops
Source: TheRegister
January 31st, 2025 (5 months ago)
Fedora 41 : java-21-openjdk (2025-9f92cbc27f)
Description: Nessus Plugin ID 214835 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-9f92cbc27f advisory. January CPU 2025Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected 1:java-21-openjdk package. Read more at https://www.tenable.com/plugins/nessus/214835
Source: Tenable Plugins
January 31st, 2025 (5 months ago)
Fedora 40 : expat (2024-2462a2fc4c)
Description: Nessus Plugin ID 214836 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2462a2fc4c advisory. Rebase to version 2.6.4Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected expat package. Read more at https://www.tenable.com/plugins/nessus/214836
Source: Tenable Plugins
January 31st, 2025 (5 months ago)

CVE-2024-52948
Fedora 40 : lemonldap-ng (2025-07901b1995)
Description: Nessus Plugin ID 214837 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-07901b1995 advisory. - [Security][CVE-2024-52948] CSRF on 2FA registration - [Security] Open redirect vulnerability in logoutTenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected lemonldap-ng package. Read more at https://www.tenable.com/plugins/nessus/214837
Source: Tenable Plugins
January 31st, 2025 (5 months ago)

CVE-2024-52948
Fedora 41 : lemonldap-ng (2025-3aa9a75a72)
Description: Nessus Plugin ID 214838 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3aa9a75a72 advisory. - [Security][CVE-2024-52948] CSRF on 2FA registration - [Security] Open redirect vulnerability in logoutTenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected lemonldap-ng package. Read more at https://www.tenable.com/plugins/nessus/214838
Source: Tenable Plugins
January 31st, 2025 (5 months ago)

CVE-2023-30536
Fedora 41 : phpMyAdmin (2025-4b8ab3834c)
Description: Nessus Plugin ID 214839 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4b8ab3834c advisory. **phpMyAdmin 5.2.2 is released** Welcome to the release of phpMyAdmin version 5.2.2, the I should have released this sooner release. This is primarily a bugfix release but also contains a few security fixes as noted below. * fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krg) * fix an XSS vulnerability in the check tables feature (**PMASA-2025-1**, thanks to bluebird) * fix an XSS vulnerability in the Insert tab (**PMASA-2025-2**, thanks to frequent contributor Kamil Tekiela) * fix possible security issue with library code slim/psr7 (**CVE-2023-30536**) * fix possible security issue relating to iconv (**CVE-2024-2961, PMASA-2025-3**) * fix a full path disclosure in the Monitoring tab * issue #18268 Fix UI issue the theme manager is disabled * issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key * issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling * issue #18106 Fix renaming database with a view * issue #18120 Fix bug with numerical tables durin...

CVSS: MEDIUM (6.5)

Source: Tenable Plugins
January 31st, 2025 (5 months ago)

CVE-2023-30536
Fedora 40 : phpMyAdmin (2025-c17ef0f176)
Description: Nessus Plugin ID 214840 with Medium Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c17ef0f176 advisory. **phpMyAdmin 5.2.2 is released** Welcome to the release of phpMyAdmin version 5.2.2, the I should have released this sooner release. This is primarily a bugfix release but also contains a few security fixes as noted below. * fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krg) * fix an XSS vulnerability in the check tables feature (**PMASA-2025-1**, thanks to bluebird) * fix an XSS vulnerability in the Insert tab (**PMASA-2025-2**, thanks to frequent contributor Kamil Tekiela) * fix possible security issue with library code slim/psr7 (**CVE-2023-30536**) * fix possible security issue relating to iconv (**CVE-2024-2961, PMASA-2025-3**) * fix a full path disclosure in the Monitoring tab * issue #18268 Fix UI issue the theme manager is disabled * issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key * issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling * issue #18106 Fix renaming database with a view * issue #18120 Fix bug with numerical tables durin...

CVSS: MEDIUM (6.5)

Source: Tenable Plugins
January 31st, 2025 (5 months ago)

CVE-2025-22218
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft
Description: Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.5) - A malicious actor with View Only Admin

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: TheHackerNews
January 31st, 2025 (5 months ago)
Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you
Source: TheRegister
January 31st, 2025 (5 months ago)