CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
June 6th, 2025 (about 1 month ago)
|
CVE-2025-5795 |
Description: A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in Tenda AC5 1.0/15.03.06.47 gefunden. Betroffen hiervon ist die Funktion fromadvsetlanip der Datei /goform/AdvSetLanip. Mittels dem Manipulieren des Arguments lanMask mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.08%
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5794 |
Description: A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in Tenda AC5 15.03.06.47 entdeckt. Betroffen davon ist die Funktion formSetPPTPUserList der Datei /goform/setPptpUserList. Durch Manipulation des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.08%
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5793 |
Description: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 gefunden. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /boafrm/formPortFw der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments service_type mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.14% SSVC Exploitation: poc
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5792 |
Description: A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /boafrm/formWlanRedirect der Komponente HTTP POST Request Handler. Mittels Manipulieren des Arguments redirect-url mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (8.8) EPSS Score: 0.14% SSVC Exploitation: poc
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5481 |
Description: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26168.
CVSS: HIGH (7.8) EPSS Score: 0.06%
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5480 |
Description: Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767.
CVSS: HIGH (7.8) EPSS Score: 0.02%
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5474 |
Description: 2BrightSparks SyncBackFree Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 2BrightSparks SyncBackFree. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. User interaction on the part of an administrator is also required.
The specific flaw exists within the Mirror functionality. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26962.
CVSS: HIGH (7.3) EPSS Score: 0.02%
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5473 |
Description: GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752.
CVSS: HIGH (7.8) EPSS Score: 0.05%
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-3485 |
Description: Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
The specific flaw exists within the implementation of the extractFileFromZip method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26524.
CVSS: HIGH (7.2) EPSS Score: 4.13%
June 6th, 2025 (about 1 month ago)
|