Threat and Vulnerability Intelligence Database

CVE-2025-24503

Description: A malicious actor can fix the session of a PAM user by tricking the user into clicking a specially crafted link to the PAM server.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025

CVE-2025-24502

Description: Improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025

CVE-2025-24501

Description: Improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025

CVE-2025-24500

Description: The vulnerability allows an unauthenticated attacker to access information in the PAM database.

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025

CVE-2025-24376

Description: kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced resources. The resources to be evaluated are determined by the rules provided by the user when defining the policy. There might be Kubernetes namespaced resources that should not be validated by AdmissionPolicy and AdmissionPolicyGroup policies because of their sensitive nature. For example, PolicyReports are namespaced resources that contain the list of non-compliant objects found inside a namespace. An attacker can use either an AdmissionPolicy or an AdmissionPolicyGroup to prevent the creation and update of PolicyReport objects in order to hide non-compliant resources. Moreover, the same attacker might use a mutating AdmissionPolicy to alter the contents of the PolicyReport created inside the namespace. Starting from the 1.21.0 release, the validation rules applied to AdmissionPolicy and AdmissionPolicyGroup have been tightened to prevent them from validating sensitive types of namespaced resources.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 31st, 2025

CVE-2025-24099

Description: The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges.

EPSS Score: 0.05%

Source: CVE
January 31st, 2025

CVE-2025-23374

Description: Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to information exposure.

CVSS: HIGH (8.0)

EPSS Score: 0.05%

Source: CVE
January 31st, 2025

CVE-2025-23367

Description: A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

EPSS Score: 0.05%

Source: CVE
January 31st, 2025

CVE-2025-23216

Description: Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally or unintentionally, by committing an invalid Secret to the repository and triggering a Sync. Once exploited, any user with read access to Argo CD can view the exposed secret data. The vulnerability is fixed in v2.13.4, v2.12.10, and v2.11.13.

CVSS: MEDIUM (6.8)

EPSS Score: 0.05%

Source: CVE
January 31st, 2025

CVE-2025-23007

Description: A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

EPSS Score: 0.04%

Source: CVE
January 31st, 2025