CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-38004

Description: In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates. The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp. reduced at runtime, where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation, the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section, as this variable can be modified from both contexts too.

EPSS Score: 0.03%

Source: CVE
June 8th, 2025 (20 days ago)

CVE-2025-38003

Description: In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content. When the procfs content is generated for a bcm_op which is in the process of being removed, the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling, this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection.

EPSS Score: 0.03%

Source: CVE
June 8th, 2025 (20 days ago)
Description: Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. "Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
Source: TheHackerNews
June 8th, 2025 (20 days ago)
Description: Two malicious packages have been discovered in the npm JavaScript package index, which masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]
Source: BleepingComputer
June 7th, 2025 (21 days ago)
Description: A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). [...]
Source: BleepingComputer
June 7th, 2025 (21 days ago)

CVE-2025-5840

Description: A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
June 7th, 2025 (21 days ago)

CVE-2024-55585

Description: moPS App Engine 1.8.618 has incorrect access control.

EPSS Score: 0.1%

Source: CVE
June 7th, 2025 (21 days ago)
Description: [AI generated] Triangle Heating & Cooling is a heating and cooling service provider, renowned for their commitment to high-quality work and customer satisfaction. The company operates throughout Randolph County, WV, offering various HVAC services, including installations, repairs, and maintenance of cooling, heating, and indoor air quality systems. They are dedicated to providing comfortable living environments for their clients.
Source: Ransomware.live
June 7th, 2025 (21 days ago)
Description: [AI generated] Mercer Capital is a business valuation and financial advisory services firm. With expertise in providing business valuation services, this US-based company also offers financial reporting, tax compliance, corporate advisory services, and litigation support. Other services include portfolio valuation and investment banking. Their clientele is diverse, including public and private businesses, financial institutions, and high-net-worth individuals.
Source: Ransomware.live
June 7th, 2025 (21 days ago)
Description: [AI generated] N/A
Source: Ransomware.live
June 7th, 2025 (21 days ago)