CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-48784

Description: A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.

CVSS: HIGH (8.8)

EPSS Score: 0.19%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48783

Description: An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.

CVSS: HIGH (8.8)

EPSS Score: 0.19%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48782

Description: An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.

CVSS: CRITICAL (9.9)

EPSS Score: 0.19%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48781

Description: An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.

CVSS: HIGH (8.7)

EPSS Score: 0.19%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48780

Description: A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.

CVSS: CRITICAL (9.9)

EPSS Score: 0.22%

Source: CVE
June 6th, 2025 (about 1 month ago)
Description: Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2. The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first on Unit 42.
Source: Palo Alto Unit42
June 6th, 2025 (about 1 month ago)

CVE-2025-5739

Description: A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in TOTOLINK X15 1.0.0-B20230714.1105 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /boafrm/formSaveConfig der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.8)

EPSS Score: 0.14%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-5738

Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in TOTOLINK X15 1.0.0-B20230714.1105 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /boafrm/formStats der Komponente HTTP POST Request Handler. Durch Manipulieren des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.8)

EPSS Score: 0.14%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-5737

Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In TOTOLINK X15 1.0.0-B20230714.1105 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /boafrm/formDosCfg der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments submit-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.7)

EPSS Score: 0.14%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-3365

Description: A missing protection against path traversal allows to access any file on the server.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
June 6th, 2025 (about 1 month ago)