CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: KuCoin's operator, PEKEN Global Limited, pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay $297 million in penalties to settle charges in the U.S. [...]
January 31st, 2025 (5 months ago)
|
CVE-2025-24886 |
Description: pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website.
CVSS: HIGH (7.7) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24885 |
Description: pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.
CVSS: HIGH (7.6) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24883 |
Description: go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.
CVSS: HIGH (8.7) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24802 |
Description: Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the LookupTableGate-s are padded with zeros. A workaround from the user side is to extend the table (by repeating some entries) so that its length becomes divisible by 26. This vulnerability is fixed in 1.0.1.
CVSS: HIGH (8.6) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24784 |
Description: kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it’s considered safe to allow non-admin users to create and manage these resources in the namespaces they own. Kubewarden policies can be allowed to query the Kubernetes API at evaluation time; these types of policies are called “context aware“. Context aware policies can perform list and get operations against a Kubernetes cluster. The queries are done using the ServiceAccount of the Policy Server instance that hosts the policy. That means that access to the cluster is determined by the RBAC rules that apply to that ServiceAccount. The AdmissionPolicyGroup CRD allowed the deployment of context aware policies. This could allow an attacker to obtain information about resources that are out of their reach, by leveraging a higher access to the cluster granted to the ServiceAccount token used to run the policy. The impact of this vulnerability depends on the privileges that have been granted to the ServiceAccount used to run the Policy Server and assumes that users are using the recommended best practices of keeping the Policy Server's ServiceAccount least privileged. By default, the Kubewarden helm chart grants access to the following resources (cluster wide) only: Namespace, Pod, Deployment and In...
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24507 |
Description: This vulnerability allows appliance compromise at boot time.
CVSS: HIGH (8.9) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24506 |
Description: A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24505 |
Description: This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-24504 |
Description: An improper input validation the CSRF filter results in unsanitized user input written to the application logs.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|