Description: A Threat Actor Claims to be Selling Access to an Unidentified Magento Store in the USA
January 22nd, 2025 (6 months ago)

Description: Zuckerberg seems to enjoy the spam that has taken over his flagship product.
January 22nd, 2025 (6 months ago)

CVE-2025-23028
Description:
Impact
In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an attacker can crash Cilium agents by sending a crafted DNS response to workloads from outside the cluster.
For traffic that is allowed but without using DNS-based policy, the dataplane will continue to pass traffic as configured at the time of the DoS. For workloads that have DNS-based policy configured, existing connections may continue to operate, and new connections made without relying on DNS resolution may continue to be established, but new connections which rely on DNS resolution may be disrupted. Any configuration changes that affect the impacted agent may not be applied until the agent is able to restart.
Patches
This issue affects:
Cilium v1.14 between v1.14.0 and v1.14.17 inclusive
Cilium v1.15 between v1.15.0 and v1.15.11 inclusive
Cilium v1.16 between v1.16.0 and v1.16.4 inclusive
This issue is fixed in:
Cilium v1.14.18
Cilium v1.15.12
Cilium v1.16.5
Workarounds
There are no known workarounds to this issue.
Acknowledgements
The Cilium community has worked together with members of Isovalent and the Cisco Advanced Security Initiatives Group (ASIG) to prepare these mitigations. Special thanks to @kokelley-cisco for reporting this issue and @bimmlerd for the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our secu...
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)

CVE-2025-23047
Description:
Impact
For users who deploy Hubble UI using either Cilium CLI or via the Cilium Helm chart, an insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure. A user with access to a Hubble UI instance affected by this issue could leak configuration details about the Kubernetes cluster which Hubble UI is monitoring, including node names, IP addresses, and other metadata about workloads and the cluster networking configuration. In order for this vulnerability to be exploited, a victim would have to first visit a malicious page.
Patches
This issue was patched in https://github.com/cilium/cilium/commit/a3489f190ba6e87b5336ee685fb6c80b1270d06d
This issue affects:
Cilium between v1.14.0 and v1.14.18 inclusive
Cilium between v1.15.0 and v1.15.12 inclusive
Cilium between v1.16.0 and v1.16.5 inclusive
This issue is patched in:
Cilium v1.14.19
Cilium v1.15.13
Cilium v1.16.6
Workarounds
Users who deploy Hubble UI using the Cilium Helm chart directly can remove the CORS headers from the Helm template as shown in the patch.
Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @ciffelia for reporting this issue and to @geakstr for the fix.
For more information
If you have any questions or comments about this advisory, please reach out on Slack.
If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list...
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)

CVE-2025-24027
Description:
Impact
This cannot be exploited in a fresh install of PrestaShop; only shops made vulnerable by third-party modules are concerned.
For example, if your shop has a third-party module vulnerable to SQL injection, then ps_contactinfo might execute a stored XSS in the front office (FO).
Patches
The long term fix is to have all your modules maintained and updated.
The fix on ps_contactinfo will keep formatted addresses from displaying an XSS payload stored in the database.
Workarounds
none
References
https://github.com/PrestaShop/ps_contactinfo/security/advisories/GHSA-35pq-7pv2-2rfw
https://nvd.nist.gov/vuln/detail/CVE-2025-24027
https://github.com/PrestaShop/ps_contactinfo/commit/d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39
https://github.com/advisories/GHSA-35pq-7pv2-2rfw
CVSS: MEDIUM (6.2) EPSS Score: 0.04%
January 22nd, 2025 (6 months ago)

CVE-2025-0604
Description: A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-0604
https://access.redhat.com/security/cve/CVE-2025-0604
https://bugzilla.redhat.com/show_bug.cgi?id=2338993
https://github.com/advisories/GHSA-m3hp-8546-5qmr
CVSS: MEDIUM (5.4) EPSS Score: 0.05%
January 22nd, 2025 (6 months ago)

Description: Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. [...]
January 22nd, 2025 (6 months ago)

CVE-2025-0282
Description: Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti's Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE-2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways.
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA): CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities.
According to CISA and trusted third-party incident response data, threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains. One exploit chain leveraged CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 and the other exploited CVE-2024-8963 and CVE-2024-9379. In one confirmed compromise, the actors moved laterally to two servers.
All four vulnerabilities affect Ivanti CSA 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below; according to Ivanti, t...
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 22nd, 2025 (6 months ago)

Description: Ddarknotevil Claims to be Selling the Data of NEOM
January 22nd, 2025 (6 months ago)

Description: The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they've stolen the personal data of 62.4 million students and 9.5 million teachers, BleepingComputer has learned. [...]
January 22nd, 2025 (6 months ago)