CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5793 |
Description: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /boafrm/formPortFw der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments service_type mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.14% SSVC Exploitation: poc
June 6th, 2025 (22 days ago)
|
|
CVE-2025-5792 |
Description: A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /boafrm/formWlanRedirect der Komponente HTTP POST Request Handler. Mittels Manipulieren des Arguments redirect-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.14% SSVC Exploitation: poc
June 6th, 2025 (22 days ago)
|
|
CVE-2025-5481 |
Description: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.
CVSS: HIGH (7.8) EPSS Score: 0.06%
June 6th, 2025 (22 days ago)
|
|
CVE-2025-5480 |
Description: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767.
CVSS: HIGH (7.8) EPSS Score: 0.02%
June 6th, 2025 (22 days ago)
|
|
CVE-2025-5474 |
Description: 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required.
The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 6th, 2025 (22 days ago)
|
|
CVE-2025-5473 |
Description: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
CVSS: HIGH (7.8) EPSS Score: 0.05%
June 6th, 2025 (22 days ago)
|
|
CVE-2025-3485 |
Description: Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524.
CVSS: HIGH (7.2) EPSS Score: 2.98%
June 6th, 2025 (22 days ago)
|
|
CVE-2025-2766 |
Description: 70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the default configuration of user accounts. The configuration contains default password. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the root. Was ZDI-CAN-24996.
CVSS: HIGH (8.8) EPSS Score: 0.03%
June 6th, 2025 (22 days ago)
|
|
Description: Après 20 ans d’expertises dans le domaine des ressources humaines, la synergie entre l'ensemble de nos activités (Intérim Cdd Cdi, Recrutement, Formation) est maintenant totale. Nous sommes donc fiers de vous annoncer que nous avons réuni toutes nos activités sous l'enseigne BEST PROFIL. Ce tournant stratégique nous permet de nous adapter aux exigences d'un marché en continuel évolution. Nous avons accompagné ce regroupement par un changement d'identité visuel qui véhiculera nos valeurs et nos promesses. . Au delà d’une signature « l’homme au cœur de nos métiers » est une préoccupation journalière et s’exprime dans les valeurs que nous portons : Proximité : le suivi au quotidien de nos collaborateurs et de nos clients est l’atout majeur de Best Profil.
June 6th, 2025 (22 days ago)
|
|
|
Description: Luis Garratón, LLC is a full-service distributor specializing in pharmaceuticals, consumer goods, and logistics services. The company focuses on meeting the needs of clients in the distribution and marketing sectors with four main service categories: healthcare, consumer products, logistic services, and digital marketing. They pride themselves on delivering durable results, a dedicated sales force, award-winning services, and a high level of professionalism. With a commitment to excellence, Luis Garratón, LLC aims to help businesses achieve their commercial goals.
June 6th, 2025 (22 days ago)
|