CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.
Source: Dark Reading
January 8th, 2025 (6 months ago)

CVE-2024-41713

Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker

EPSS Score: 95.44%

Source: TheHackerNews
January 8th, 2025 (6 months ago)

Description: Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...]
Source: BleepingComputer
January 8th, 2025 (6 months ago)

Description: MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains a cross-site scripting vulnerability.
Source: Japan Vulnerability Notes (JVN)
January 8th, 2025 (6 months ago)

Description: Xerox FreeFlow Core, part of the Xerox FreeFlow Digital Workflow Collection provided by FUJIFILM Business Innovation Corp. contains multiple vulnerabilities.
Source: Japan Vulnerability Notes (JVN)
January 8th, 2025 (6 months ago)

CVE-2025-22621

Description: In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the “admin” Splunk roles.

CVSS: MEDIUM (6.4)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22593

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burria Laika Pedigree Tree allows Stored XSS. This issue affects Laika Pedigree Tree: from n/a through 1.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22592

Description: Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 1003 Mortgage Application: from n/a through 1.87.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22591

Description: Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1003 Mortgage Application: from n/a through 1.87.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22590

Description: Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere allows Stored XSS. This issue affects Prayer Times Anywhere: from n/a through 2.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)