CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
DOJ moves to claim $7.74 million tied to North Korean IT worker scheme
Description: The U.S. government wants to confiscate millions of dollars in funds tied to illegal employment of North Korean IT workers at American companies.
Source: The Record
June 6th, 2025 (about 1 month ago)
Another data wiper found in Ukrainian critical infrastructure
Description: The new PathWiper, spotted in an attack on Ukrainian critical infrastructure, has similarities to wiper malware previously deployed by the Russian group known as Sandworm.
Source: The Record
June 6th, 2025 (about 1 month ago)
Your ransomware nightmare just came true – now what?
Source: TheRegister
June 6th, 2025 (about 1 month ago)

CVE-2025-5757
code-projects Traffic Offense Reporting System save-reported.php cross site scripting
Description: A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine problematische Schwachstelle wurde in code-projects Traffic Offense Reporting System 1.0 ausgemacht. Davon betroffen ist unbekannter Code der Datei /save-reported.php. Dank der Manipulation des Arguments offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-5756
code-projects Real Estate Property Management System EditCity.php sql injection
Description: A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/EditCity.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In code-projects Real Estate Property Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /Admin/EditCity.php. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (about 1 month ago)
Prep for Layoffs Before They Compromise Security
Description: Mass layoffs create cybersecurity vulnerabilities through dormant accounts and disgruntled employees.
Source: Dark Reading
June 6th, 2025 (about 1 month ago)
Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV
Description: Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced
Source: TheHackerNews
June 6th, 2025 (about 1 month ago)

CVE-2025-5755
SourceCodester Open Source Clinic Management System email_config.php sql injection
Description: A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in SourceCodester Open Source Clinic Management System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /email_config.php. Durch das Beeinflussen des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-5192
Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function
Description: A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.

CVSS: CRITICAL (9.3)

EPSS Score: 0.25%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-48784
Soar Cloud HRD Human Resource Management System - Missing Authorization
Description: A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.

CVSS: HIGH (8.8)

EPSS Score: 0.19%

Source: CVE
June 6th, 2025 (about 1 month ago)