CVE-2025-26691 |
Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-25217 |
Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through a NULL pointer dereference.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-24493 |
Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through a race condition.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-23235 |
Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through an out-of-bounds read.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-21082 |
Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause apps to crash through type confusion.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-20063 |
Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause apps to crash through type confusion.
CVSS: LOW (3.3) EPSS Score: 0.01%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-38004 |
Description: In the Linux kernel, the following vulnerability has been resolved:
can: bcm: add locking for bcm_op runtime updates
The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via
hrtimer. The content and also the length of the sequence can be changed
resp reduced at runtime where the 'currframe' counter is then set to zero.
Although this appeared to be a safe operation the updates of 'currframe'
can be triggered from user space and hrtimer context in bcm_can_tx().
Anderson Nascimento created a proof of concept that triggered a KASAN
slab-out-of-bounds read access which can be prevented with a spin_lock_bh.
At the rework of bcm_can_tx() the 'count' variable has been moved into
the protected section as this variable can be modified from both contexts
too.
EPSS Score: 0.03%
June 8th, 2025 (about 1 month ago)
|
CVE-2025-38003 |
Description: In the Linux kernel, the following vulnerability has been resolved:
can: bcm: add missing rcu read protection for procfs content
When the procfs content is generated for a bcm_op which is in the process
to be removed the procfs output might show unreliable data (UAF).
As the removal of bcm_op's is already implemented with rcu handling this
patch adds the missing rcu_read_lock() and makes sure the list entries
are properly removed under rcu protection.
EPSS Score: 0.03%
June 8th, 2025 (about 1 month ago)
|
Description: Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.
"Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack," Positive Technologies security researcher
June 8th, 2025 (about 1 month ago)
|
Description: Two malicious packages have been discovered in the npm JavaScript package index, which masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. [...]
June 7th, 2025 (about 1 month ago)
|