CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0739 |
Description: An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing the "SUSCBRIPTION_ID" param of the endpoint "/demos/embedai/subscriptions/show/".
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0683 |
Description: In its default configuration, the affected product transmits plain-text patient data to a hard-coded public IP address when a patient is hooked up to the monitor. This could lead to a leakage of confidential patient data to any device with that IP address or an attacker in a machine-in-the-middle scenario.
CVSS: HIGH (8.2) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0681 |
Description: The Cloud MQTT service of the affected products supports wildcard topic
subscription which could allow an attacker to obtain sensitive
information from tapping the service communications.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0680 |
Description: Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0662 |
Description: In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14 uninitialized bytes of kernel memory being copied out to userspace.
It is possible for an unprivileged userspace program to leak 14 bytes of a kernel heap allocation to userspace.
EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0626 |
Description: The affected product sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device.
CVSS: HIGH (7.7) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0574 |
Description: Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of URLs in the web server module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25318.
CVSS: HIGH (8.2) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0573 |
Description: Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25309.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0572 |
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
Description: Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to write files in the context of the current user. Was ZDI-CAN-25308.
CVSS: MEDIUM (4.3) EPSS Score: 0.05%
January 31st, 2025 (5 months ago)
|
|
CVE-2025-0571 |
Description: Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-25305.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 31st, 2025 (5 months ago)
|