CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0784 |
Description: A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. In Intelbras InControl bis 2.21.58 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /v1/usuario/ der Komponente Registered User Handler. Durch Beeinflussen mit unbekannten Daten kann eine cleartext transmission of sensitive information-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 2.21.59 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: MEDIUM (6.3) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0783 |
Description: A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Es wurde eine problematische Schwachstelle in pankajindevops scale bis 20241113 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Komponente API Endpoint. Durch das Beeinflussen mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verfügbar.
CVSS: MEDIUM (5.3) EPSS Score: 0.07%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0781 |
Description: An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level.
CVSS: HIGH (8.6) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0754 |
Description: The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to log injection and spoofing attacks. Such injections can mislead logging mechanisms, enabling attackers to manipulate log entries or execute reflected cross-site scripting (XSS) attacks.
EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0752 |
Description: A flaw was found in OpenShift Service Mesh 2.6.3 and 2.5.6. Rate-limiter avoidance, access-control bypass, CPU and memory exhaustion, and replay attacks may be possible due to improper HTTP header sanitization in Envoy.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0750 |
Description: A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories.
EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0736 |
Description: A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.
EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0659 |
Description: A path
traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character
sequence in the body of the vulnerable endpoint, it is possible to overwrite
files outside of the intended directory. A threat actor with admin privileges could
leverage this vulnerability to overwrite reports including user projects.
CVSS: HIGH (7.0) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0631 |
Description: A Credential Exposure Vulnerability exists in the above-mentioned product and version. The vulnerability is due to using HTTP resulting in credentials being sent in clear text.
CVSS: HIGH (8.7) EPSS Score: 0.04%
January 29th, 2025 (5 months ago)
|
|
CVE-2025-0432 |
Description: EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
January 29th, 2025 (5 months ago)
|