CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-10811

Description: Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)

CVE-2024-10630

Description: A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
January 25th, 2025 (5 months ago)
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
Source: DarkWebInformer
January 24th, 2025 (5 months ago)

CVE-2024-57556

Description: Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-57556
https://github.com/nbubna/store/issues/127
https://github.com/nbubna/store/pull/128
https://github.com/advisories/GHSA-w5hq-hm5m-4548

EPSS Score: 0.05%

Source: Github Advisory Database (NPM)
January 24th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling the Data of Pharmacy2U Ltd
Source: DarkWebInformer
January 24th, 2025 (5 months ago)
Description: The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.
Source: Dark Reading
January 24th, 2025 (5 months ago)
Description: A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.
Source: Dark Reading
January 24th, 2025 (5 months ago)
Description:
Impact: In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned from, or otherwise set to use, a URL that embeds a username and credential, the entire URL will be included in the built Implementation Guide, exposing the username and credential. This does not impact users that clone public repos without credentials, such as those using the auto-ig-build continuous integration infrastructure.
Patches: This problem has been patched in release 1.8.9.
Workarounds: Users should update to 1.8.9 or the latest release,
OR users should ensure the IG repo they are publishing does not have a username or credentials included in the origin URL. Running the command git remote get-url origin should return a URL that contains no username, password, or token,
OR users should run the IG Publisher CLI with the -repo parameter and specify a URL that contains no username, password, or token.
References:
https://github.com/HL7/fhir-ig-publisher/security/advisories/GHSA-6729-95v3-pjc2
https://github.com/advisories/GHSA-6729-95v3-pjc2
Source: Github Advisory Database (Maven)
January 24th, 2025 (5 months ago)