CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24493 |
Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
June 8th, 2025 (20 days ago)
|
|
CVE-2025-23235 |
Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (20 days ago)
|
|
CVE-2025-21082 |
Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (20 days ago)
|
|
CVE-2025-20063 |
Description: in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (20 days ago)
|
|
CVE-2025-38004 |
Description: In the Linux kernel, the following vulnerability has been resolved:
can: bcm: add locking for bcm_op runtime updates
The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via
hrtimer. The content and also the length of the sequence can be changed
resp reduced at runtime where the 'currframe' counter is then set to zero.
Although this appeared to be a safe operation the updates of 'currframe'
can be triggered from user space and hrtimer context in bcm_can_tx().
Anderson Nascimento created a proof of concept that triggered a KASAN
slab-out-of-bounds read access which can be prevented with a spin_lock_bh.
At the rework of bcm_can_tx() the 'count' variable has been moved into
the protected section as this variable can be modified from both contexts
too.
EPSS Score: 0.03%
June 8th, 2025 (20 days ago)
|
|
CVE-2025-38003 |
Description: In the Linux kernel, the following vulnerability has been resolved:
can: bcm: add missing rcu read protection for procfs content
When the procfs content is generated for a bcm_op which is in the process
to be removed the procfs output might show unreliable data (UAF).
As the removal of bcm_op's is already implemented with rcu handling this
patch adds the missing rcu_read_lock() and makes sure the list entries
are properly removed under rcu protection.
EPSS Score: 0.03%
June 8th, 2025 (20 days ago)
|
|
Description: Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.
"Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
June 8th, 2025 (20 days ago)
|
|
Description: Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]
June 7th, 2025 (21 days ago)
|
|
|
Description: A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]
June 7th, 2025 (21 days ago)
|
|
CVE-2025-5840 |
Description: A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely. Es wurde eine kritische Schwachstelle in SourceCodester Client Database Management System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /user_update_customer_order.php. Durch Manipulieren des Arguments uploaded_file mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
June 7th, 2025 (21 days ago)
|