CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally Description: Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1 Source: TheHackerNews June 8th, 2025 (20 days ago)
	Enterprises are getting stuck in AI pilot hell, say Chatterbox Labs execs Source: TheRegister June 8th, 2025 (20 days ago)
CVE-2025-27563	security_access_token has an improper preservation of permissions vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-27247	Pasteboard has an improper preservation of permissions vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. CVSS: MEDIUM (5.5) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-27242	Ssecurity_component_manager has an improper input vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. CVSS: LOW (3.3) EPSS Score: 0.02% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-27131	kernel_liteos_m has an improper input vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input. CVSS: MEDIUM (6.1) EPSS Score: 0.02% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-26693	security_access_token has an improper preservation of permissions vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-26691	telephony_call_manager has an improper preservation of permissions vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. CVSS: MEDIUM (5.5) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-25217	arkui_ace_enginehas a NULL pointer dereference vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)
CVE-2025-24493	kernel_liteos_a has a race condition vulnerability Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. CVSS: MEDIUM (5.5) EPSS Score: 0.01% Source: CVE June 8th, 2025 (20 days ago)