CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database


Description: Skyvern through 0.2.0 has a Jinja runtime leak in sdk/workflow/models/block.py.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-49619
https://github.com/Skyvern-AI/skyvern/commit/db856cd8433a204c8b45979c70a4da1e119d949d
https://cristibtz.github.io/posts/CVE-2025-49619
https://github.com/advisories/GHSA-h92g-3xc3-ww2r

CVSS: HIGH (8.5)

EPSS Score: 0.34%

Source: Github Advisory Database (PIP)
June 9th, 2025 (17 days ago)
Description: Summary: The env and expandenv template functions, which are enabled by default in Sprig, enable capturing of environment variables on the host. While this may not be a problem on single-user (super admin) installations, on multi-user installations this allows non-super-admin users with campaign or template permissions to use the {{ env }} template expression to capture sensitive environment variables. Upgrade to v5.0.2 to mitigate.

Demonstration

Description: A critical template injection vulnerability exists in Listmonk's campaign preview functionality that allows authenticated users with minimal privileges (campaigns:get & campaigns:get_all) to extract sensitive system data, including database credentials, SMTP passwords, and admin credentials, due to some dangerous functions being allowed.

Proof of Concept: Create a user and give him campaigns:get and campaigns:get_all privileges. Now log in with that user, go to any campaign, go to the Content section, and here lies the vulnerability: we're able to execute template content, which allows us to get environment variables, execute Sprig functions... Now in the text field you can input the following and press Preview:

{{ env "AWS_KEY" }}
{{ env "LISTMONK_db__user" }}
{{ env "LISTMONK_db__password" }}

Preview: I had the AWS_KEY variable set like that to confirm the vulnerability:

Impact: Through these environment variables the attacker can access, they can fully compromise the database, cloud accounts, admin credentials, and more dependi...
Source: Github Advisory Database (Go)
June 9th, 2025 (17 days ago)
Description: The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows users with the developer persona to add callbacks that are executed against HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and, as the authentication policy is enforced by a single instance of the service, this leads to a Denial of Service in Authorino while processing the post-authorization callbacks.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-25207
https://access.redhat.com/security/cve/CVE-2025-25207
https://bugzilla.redhat.com/show_bug.cgi?id=2347421
https://github.com/advisories/GHSA-r8xr-pgv5-gxw3

CVSS: MEDIUM (5.7)

EPSS Score: 0.04%

Source: Github Advisory Database (Go)
June 9th, 2025 (17 days ago)
Description: President Donald J. Trump signed a sweeping Executive Order that rewrites U.S. cybersecurity policy, dismantling key Biden- and Obama-era directives and reshaping federal priorities around software security, AI, and digital identity. The changes are positioned as a return to “technical and organizational professionalism” in the cyber domain. The new Executive Order amends Executive Orders 14144 … The post Trump Revokes Digital ID and AI Security Measures in Cyber Policy Shift appeared first on CyberInsider.
Source: CyberInsider
June 9th, 2025 (17 days ago)
Description: Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here. We’re information security engineers at Tenable. If you’re anything like us, you spend your days on the front lines of the battle against a constantly changing set of cybersecurity threats. No matter your role, you probably face any number of complex challenges to stay one step ahead of the bad guys. To be most effective, you need to move beyond operating across silos toward bringing all of the data together. Exposure management helps bring this all together. Maybe you’re contemplating a move to exposure management or maybe you’ve already started the shift. (Not sure how mature your program is? Check out the Tenable exposure management security assessment.) No matter where you are, exposure management represents a fundamental shift toward a unified view of exposures across the attack surface. It involves continuously discovering, assessing, prioritizing and remediating all types of security exposures, including vulnerabilities, misconfigurations and excessive permissions across various assets. As we like to say, “give us all the things.” In our roles, we are helping Tenable move in this direction. So we thought we’d share some of our...
Source: Tenable Blog
June 9th, 2025 (17 days ago)
Description: Authorities said they busted a ring responsible for illegally extracting citizens' data from Kazakhstan's government networks and distributing it through Telegram and other ways.
Source: The Record
June 9th, 2025 (17 days ago)

CVE-2025-5875

Description: A vulnerability classified as critical has been found in TP-Link TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation of the argument text leads to a buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (8.8)

EPSS Score: 0.08%

Source: CVE
June 9th, 2025 (17 days ago)

CVE-2025-5874

Description: A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as critical. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to a sandbox issue. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (5.1)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (17 days ago)

CVE-2025-41444

Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module.

CVSS: HIGH (8.3)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (17 days ago)

CVE-2025-36528

Description: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports.

CVSS: HIGH (8.3)

EPSS Score: 0.06%

Source: CVE
June 9th, 2025 (17 days ago)