CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Source: TheRegister
January 21st, 2025 (6 months ago)
Description: A threat actor known as “Ay4me” has put up for sale a trove of 318 million records on BreachForums, claiming the data was stolen from Otelier, a cloud-based hotel management platform. The stolen database, totaling 7.8TB, reportedly contains sensitive information from major hotel chains such as Marriott, Hilton, and Hyatt. The data leak was disclosed …
Source: CyberInsider
January 21st, 2025 (6 months ago)
Description: The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
Source: TheHackerNews
January 21st, 2025 (6 months ago)
Source: TheRegister
January 21st, 2025 (6 months ago)
Description: FortiWeb provided by Fortinet, Inc. contains an SQL injection vulnerability.
Source: Japan Vulnerability Notes (JVN)
January 21st, 2025 (6 months ago)

CVE-2025-24337

Description: WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

CVSS: HIGH (8.4)

EPSS Score: 0.05%

Source: CVE
January 21st, 2025 (6 months ago)

CVE-2025-24014

Description: Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a GUI version of Vim by feeding some binary characters to Vim. The function that handles the scrolling, however, may trigger a redraw, which will access the ScreenLines pointer even though this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

CVSS: MEDIUM (4.2)

EPSS Score: 0.04%

Source: CVE
January 21st, 2025 (6 months ago)

CVE-2025-24013

Description: CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper validation of header names and values. A potential attacker can construct deliberately malformed headers with the Header class. This could disrupt application functionality, potentially causing errors or generating invalid HTTP requests. In some cases, these malformed requests might lead to a DoS scenario if a remote service’s web application firewall interprets them as malicious and blocks further communication with the application. This vulnerability is fixed in 4.5.8.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
January 21st, 2025 (6 months ago)

CVE-2025-24010

Description: Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 21st, 2025 (6 months ago)

CVE-2025-23221

Description: Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the WebFinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and to force the victim’s server into an infinite loop, causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. This vulnerability is fixed in 1.0.14, 1.1.11, 1.2.11, and 1.3.4.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
January 21st, 2025 (6 months ago)