Threat and Vulnerability Intelligence Database

Description: This examination of the Amazon Web Services (AWS) Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives. The post Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere appeared first on Unit 42.
Source: Palo Alto Unit42
June 9th, 2025 (19 days ago)
Description: The TI WooCommerce Wishlist plugin, with over 100,000 active installs, is vulnerable to an unauthenticated file upload vulnerability (CVE-2025-47577). The post Unpatched Account Takeover Vulnerability in PayU CommercePro Plugin appeared first on Patchstack.

CVSS: CRITICAL (10.0)

EPSS Score: 0.06%

Source: PatchStack
June 9th, 2025 (19 days ago)

CVE-2025-5869

Description: A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sys_recvfrom of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument from leads to memory corruption.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (19 days ago)

CVE-2025-5868

Description: A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function sys_thread_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.

CVSS: HIGH (8.0)

EPSS Score: 0.03%

Source: CVE
June 9th, 2025 (19 days ago)
Description: Al Tadawi Specialty Hospital
Source: Ransomware.live
June 9th, 2025 (19 days ago)

CVE-2025-5894

Description: Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.

CVSS: HIGH (8.8)

EPSS Score: 0.12%

Source: CVE
June 9th, 2025 (19 days ago)

CVE-2025-5867

Description: A vulnerability classified as critical was found in RT-Thread 5.1.0. This vulnerability affects the function csys_sendto of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument to leads to null pointer dereference.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
June 9th, 2025 (19 days ago)
Description: Reflected Cross-Site Scripting (XSS) in Bagisto. Mon, 06/09/2025 - 09:52. Notice. Affected Resources: Bagisto, v2.0.0. Description: INCIBE has coordinated the publication of a medium severity vulnerability affecting Bagisto, an eCommerce software. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack). This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40675: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79. Identifier: INCIBE-2025-0299. 3 - Medium. Solution: The Bagisto team assures that the vulnerability is no longer found in version 2.2.3. Detail: CVE-2025-40675: A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter query in /search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. References list: Bagisto. Tags: 0day ...

EPSS Score: 0.06%

Source: Incibe CERT
June 9th, 2025 (19 days ago)
Source: TheRegister
June 9th, 2025 (19 days ago)