CVE-2025-5875 |
Description: A vulnerability classified as critical has been found in TP-Link TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: HIGH (8.8) EPSS Score: 0.05%
June 9th, 2025 (17 days ago)
|
CVE-2025-5874 |
Description: A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.1) EPSS Score: 0.03%
June 9th, 2025 (17 days ago)
|
CVE-2025-41444 |
Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.
CVSS: HIGH (8.3) EPSS Score: 0.06%
June 9th, 2025 (17 days ago)
|
CVE-2025-36528 |
Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.
CVSS: HIGH (8.3) EPSS Score: 0.06%
June 9th, 2025 (17 days ago)
|
CVE-2025-27709 |
Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports.
CVSS: HIGH (8.3) EPSS Score: 0.06%
June 9th, 2025 (17 days ago)
|
Description: You don’t need a rogue employee to suffer a breach.
All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS
June 9th, 2025 (17 days ago)
|
Description: A cyberattack on London hospitals last year led to the depletion of stocks of crucial O-type blood, and the U.K.'s National Health Service is calling for a nationwide effort to shore up supplies.
June 9th, 2025 (17 days ago)
|
Description: Multiple vulnerabilities in TCMAN GIM
Mon, 06/09/2025 - 13:32
Advisory
Affected Resources
GIM, 11 version.
Description
INCIBE has coordinated the publication of 3 vulnerabilities of medium severity, affecting TCMAN's GIM, a maintenance management software. The vulnerabilities have been discovered by Jorge Riopedre Vega. These vulnerabilities have been assigned the following code, CVSS v4.0 base score, CVSS vector and vulnerability CWE type: CVE-2025-40668 to CVE-2025-40670: CVSS v4.0: 7.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N | CWE-863
Identifier
INCIBE-2025-0300
3 - Medium
Solution
The vulnerabilities have been fixed by the TCMAN team. The manufacturer has reported that the vulnerabilities are not found in the latest version of GIM Web version 20250128.
Detail
CVE-2025-40668: incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty. CVE-2025-40669: incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows a...
EPSS Score: 0.04%
June 9th, 2025 (17 days ago)
|
CVE-2025-5873 |
Description: A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 9th, 2025 (17 days ago)
|
CVE-2025-5872 |
Description: A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.06%
June 9th, 2025 (17 days ago)
|