CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-40669 |
Description: Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to modify the permissions held by each of the application's users, including the user himself by sending a POST request to /PC/Options.aspx?Command=2&Page=-1.
CVSS: HIGH (7.1) EPSS Score: 0.03%
June 9th, 2025 (17 days ago)
|
|
CVE-2025-40668 |
Description: Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an attacker, with low privilege level, to change the password of other users through a POST request using the parameters idUser, PasswordActual, PasswordNew and PasswordNewRepeat in /PC/WebService.aspx/validateChangePassword%C3%B1a. To exploit the vulnerability the PasswordActual parameter must be empty.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 9th, 2025 (17 days ago)
|
|
CVE-2024-42367 |
Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root directory if those variants are symbolic links. The server protects static routes from path traversal outside the root directory when `follow_symlinks=False` (default). It does this by resolving the requested URL to an absolute path and then checking that path relative to the root. However, these checks are not performed when looking for compressed variants in the `FileResponse` class, and symbolic links are then automatically followed when performing the `Path.stat()` and `Path.open()` to send the file. Version 3.10.2 contains a patch for the issue.
CVSS: MEDIUM (4.8) EPSS Score: 0.24% SSVC Exploitation: none
June 9th, 2025 (17 days ago)
|
|
Description: EUC Zealand was established in 1999 through a merger between the technical schools in Køge, Haslev and NÌstved and has since been expanded with two centers for labor market education. Today, EUC Zealand has branches in NÌstved, Køge, Haslev and Greve.
June 9th, 2025 (17 days ago)
|
|
Description: Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-49619
https://github.com/Skyvern-AI/skyvern/commit/db856cd8433a204c8b45979c70a4da1e119d949d
https://cristibtz.github.io/posts/CVE-2025-49619
https://github.com/advisories/GHSA-h92g-3xc3-ww2r
CVSS: HIGH (8.5) EPSS Score: 0.34%
June 9th, 2025 (17 days ago)
|
|
|
Description: Summary
The env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the {{ env }} template expression to capture sensitive environment variables.
Upgrade to v5.0.2 to mitigate.
Demonstration
Description
A critical template injection vulnerability exists in Listmonk's campaign preview functionality that allows authenticated users with minimal privileges (campaigns:get & campaigns:get_all) to extract sensitive system data, including database credentials, SMTP passwords, and admin credentials due to some dangerous function being allowed.
Proof of Concept
Create a user and give him campaigns:get and campaigns:get_all privileges
Now login with that user, go to any campaign, go the Content section and here lies the vulnerability, we're able to execute template content which allows us to get environment variables, execute Sprig functions...
Now in the text field you can input the following and press Preview:
{{ env "AWS_KEY" }}
{{ env "LISTMONK_db__user" }}
{{ env "LISTMONK_db__password" }}
Preview:
I had the AWS_KEY variable set like that to confirm the vulnerability:
Impact
Through these environment variables the attacker can access, they can fully compromise the database, cloud accounts, admin credentials, and more dependi...
June 9th, 2025 (17 days ago)
|
|
|
Description: The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-25207
https://access.redhat.com/security/cve/CVE-2025-25207
https://bugzilla.redhat.com/show_bug.cgi?id=2347421
https://github.com/advisories/GHSA-r8xr-pgv5-gxw3
CVSS: MEDIUM (5.7) EPSS Score: 0.04%
June 9th, 2025 (17 days ago)
|
|
Description: President Donald J. Trump signed a sweeping Executive Order that rewrites U.S. cybersecurity policy, dismantling key Biden- and Obama-era directives and reshaping federal priorities around software security, AI, and digital identity. The changes are positioned as a return to âtechnical and organizational professionalismâ in the cyber domain. The new Executive Order amends Executive Orders 14144 âŚ
The post Trump Revokes Digital ID and AI Security Measures in Cyber Policy Shift appeared first on CyberInsider.
June 9th, 2025 (17 days ago)
|
|
Description: Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here.Weâre information security engineers at Tenable. If youâre anything like us, you spend your days on the front lines of the battle against a constantly changing set of cybersecurity threats. No matter your role, you probably face any number of complex challenges to stay one step ahead of the bad guys. To be most effective, you need to move beyond operating across silos toward bringing all of the data together. Exposure management helps bring this all together. Maybe youâre contemplating a move to exposure management or maybe youâve already started the shift. (Not sure how mature your program is? Check out the Tenable exposure management security assessment.) No matter where you are, exposure management represents a fundamental shift toward a unified view of exposures across the attack surface. It involves continuously discovering, assessing, prioritizing and remediating all types of security exposures, including vulnerabilities, misconfigurations and excessive permissions across various assets. As we like to say, âgive us all the things.âIn our roles, we are helping Tenable move in this direction. So we thought weâd share some of our...
June 9th, 2025 (17 days ago)
|
|
Description: Authorities said they busted a ring responsible for illegally extracting citizens' data from Kazakhstan's government networks and distributing it through Telegram and other ways.
June 9th, 2025 (17 days ago)
|