CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-5869

Description: A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (18 days ago)

CVE-2025-5868

Description: A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

CVSS: HIGH (8.0)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (18 days ago)
Description: Al Tadawi Specialty Hospital
Source: Ransomware.live
June 9th, 2025 (18 days ago)

CVE-2025-5894

Description: Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.

CVSS: HIGH (8.8)

EPSS Score: 0.12%

Source: CVE
June 9th, 2025 (18 days ago)

CVE-2025-5867

Description: A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (18 days ago)
Description: Reflected Cross-Site Scripting (XSS) in Bagisto. Mon, 06/09/2025 - 09:52. Advisory. Affected Resources: Bagisto, v2.0.0. Description: INCIBE has coordinated the publication of a medium severity vulnerability affecting Bagisto, an eCommerce software. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack). This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40675: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79. Identifier: INCIBE-2025-0299. 3 - Medium. Solution: The Bagisto team assures that the vulnerability is no longer found in version 2.2.3. Detail: CVE-2025-40675: A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter query in /search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. References list: Bagisto. Tags: 0day ...

EPSS Score: 0.06%

Source: Incibe CERT
June 9th, 2025 (18 days ago)
Source: TheRegister
June 9th, 2025 (18 days ago)
Description: Why ‘thinking big’ is required to shift the dynamics of the technology market.
Source: NCSC Alerts and Advisories
June 9th, 2025 (18 days ago)
Description: OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things. "The [Russian-speaking] actor used our models to assist with developing and refining
Source: TheHackerNews
June 9th, 2025 (18 days ago)

CVE-2025-5893

Description: Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.

CVSS: CRITICAL (9.8)

EPSS Score: 0.11%

Source: CVE
June 9th, 2025 (18 days ago)