CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-5847

Description: A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.8)

EPSS Score: 0.09%

Source: CVE
June 8th, 2025 (about 1 month ago)
Description: Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1
Source: TheHackerNews
June 8th, 2025 (about 1 month ago)
Source: TheRegister
June 8th, 2025 (about 1 month ago)

CVE-2025-27563

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
June 8th, 2025 (about 1 month ago)

CVE-2025-27247

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
June 8th, 2025 (about 1 month ago)

CVE-2025-27242

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through improper input.

CVSS: LOW (3.3)

EPSS Score: 0.02%

Source: CVE
June 8th, 2025 (about 1 month ago)

CVE-2025-27131

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through improper input.

CVSS: MEDIUM (6.1)

EPSS Score: 0.02%

Source: CVE
June 8th, 2025 (about 1 month ago)

CVE-2025-26693

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
June 8th, 2025 (about 1 month ago)

CVE-2025-26691

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
June 8th, 2025 (about 1 month ago)

CVE-2025-25217

Description: OpenHarmony v5.0.3 and prior versions allow a local attacker to cause a DoS through a NULL pointer dereference.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE
June 8th, 2025 (about 1 month ago)