Description: A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.
The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.
January 8th, 2025 (6 months ago)
|
Description: The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices.
"IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear
January 8th, 2025 (6 months ago)
|
Description: The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.
January 8th, 2025 (6 months ago)
|
CVE-2024-41713 |
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker
EPSS Score: 95.44%
January 8th, 2025 (6 months ago)
|
Description: Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...]
January 8th, 2025 (6 months ago)
|
Description: MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains a cross-site scripting vulnerability.
January 8th, 2025 (6 months ago)
|
Description: Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp. contains multiple vulnerabilities.
January 8th, 2025 (6 months ago)
|
CVE-2025-22621 |
Description: In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2025-22593 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burria Laika Pedigree Tree allows Stored XSS. This issue affects Laika Pedigree Tree: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
CVE-2025-22592 |
Description: Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 1003 Mortgage Application: from n/a through 1.87.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|