CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5786 |
Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in TOTOLINK X15 1.0.0-B20230714.1105 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /boafrm/formDMZ der Komponente HTTP POST Request Handler. Dank Manipulation des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.14%
June 6th, 2025 (28 days ago)
|
|
CVE-2025-5785 |
Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in TOTOLINK X15 1.0.0-B20230714.1105 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /boafrm/formWirelessTbl der Komponente HTTP POST Request Handler. Dank der Manipulation des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.7) EPSS Score: 0.14% SSVC Exploitation: poc
June 6th, 2025 (28 days ago)
|
|
CVE-2025-5784 |
Description: A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Employee Record Management System 1.3 wurde eine kritische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /myexp.php. Durch Beeinflussen des Arguments emp3ctc mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.3) EPSS Score: 0.03% SSVC Exploitation: poc
June 6th, 2025 (28 days ago)
|
|
CVE-2025-49599 |
Description: Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.
CVSS: MEDIUM (4.1) EPSS Score: 0.01%
June 6th, 2025 (28 days ago)
|
|
Description: Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.
June 6th, 2025 (28 days ago)
|
|
Description: Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. [...]
June 6th, 2025 (28 days ago)
|
|
Description: Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems.
The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum.
"macOS users are served a
June 6th, 2025 (28 days ago)
|
|
Description: MTT Expertises is a Franco-Moroccan firm specializing in asset valuation and post-incident expertise. Founded in 2004, the company offers services such as insurance capital estimation, risk management, and assistance after incidents. With a multidisciplinary team of over 40 professionals, including engineers, technicians, and financial experts, MTT Expertises operates from offices in Casablanca, Agadir, and Tangier, and maintains a presence in France and other African countries. The firm is accredited by the Moroccan Federation of Insurance and Reinsurance Companies (FMSAR), ensuring quality and reliability in its services. Under the leadership of Director Mohamed Tahiri, MTT Expertises is committed to delivering precise and professional services to meet the diverse needs of its clients.
June 6th, 2025 (28 days ago)
|
|
Description: U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. [...]
June 6th, 2025 (28 days ago)
|
|
Description: Town of Kittery, Maine falls victim to INC RANSOM Ransomware
June 6th, 2025 (28 days ago)
|