CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-24783

Description: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cocoon. This issue affects Apache Cocoon: all versions. When a continuation is created, it gets a random identifier. Because the random number generator used to generate these identifiers was seeded with the startup time, it may not have been sufficiently unpredictable, and an attacker could use this to guess continuation ids and look up continuations they should not have had access to. As a mitigation, you may enable the "session-bound-continuations" option to make sure continuations are not shared across sessions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. References https://nvd.nist.gov/vuln/detail/CVE-2025-24783 https://lists.apache.org/thread/pk86jp5cvn41432op8wv1k8p14mp27nz https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/blocks/cocoon-forms/cocoon-forms-impl/src/main/java/org/apache/cocoon/forms/formmodel/CaptchaField.java#L70 https://github.com/apache/cocoon/blob/32a4e41183ba74351d85060011151b2d58acfc52/core/cocoon-sitemap/cocoon-sitemap-impl/src/main/java/org/apache/cocoon/components/flow/ContinuationsManagerImpl.java#L112 https://github.com/advisories/GHSA-pff9-53m5-qr56

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
January 27th, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling Multiple Traders Leads Data
Source: DarkWebInformer
January 27th, 2025 (5 months ago)
Description: Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)
Source: TheRegister
January 27th, 2025 (5 months ago)
Description: A Threat Actor Claims to have Leaked Sensitive Information of Pirelli Tire LLC
Source: DarkWebInformer
January 27th, 2025 (5 months ago)
Description: A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...]
Source: BleepingComputer
January 27th, 2025 (5 months ago)
Description: /// Why a relatively unknown Chinese-developed AI model has turned the AI industry on its head.
Source: 404 Media
January 27th, 2025 (5 months ago)
Description: IntelBroker, EnergyWeaponUser, and Alex218 Claim to have Leaked the Data of Asia Recruit Malaysia
Source: DarkWebInformer
January 27th, 2025 (5 months ago)
Description: Counter Claims to have Leaked the Data of Pt. Deen Dayal Upadhyay Management College (DDUMC)
Source: DarkWebInformer
January 27th, 2025 (5 months ago)
Description: A Threat Actor Claims to have Leaked the Data of Atlas Pakistan (Pvt.) Ltd
Source: DarkWebInformer
January 27th, 2025 (5 months ago)