Description: Al Tadawi Specialty Hospital
June 9th, 2025 (about 1 month ago)
|
CVE-2025-5894 |
Description: Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create administrator accounts, and subsequently log into the system using those accounts.
CVSS: HIGH (8.8) EPSS Score: 0.12%
June 9th, 2025 (about 1 month ago)
|
CVE-2025-5867 |
Description: A vulnerability classified as critical was found in RT-Thread 5.1.0. It affects the function `csys_sendto` in the file `rt-thread/components/lwp/lwp_syscall.c`. Manipulating the argument `to` with unknown data leads to a null pointer dereference.
CVSS: HIGH (8.6) EPSS Score: 0.05%
June 9th, 2025 (about 1 month ago)
|
Description: Reflected Cross-Site Scripting (XSS) in Bagisto
Mon, 06/09/2025 - 09:52
Advisory
Affected Resources
Bagisto, v2.0.0.
Description
INCIBE has coordinated the publication of a medium severity vulnerability affecting Bagisto, an eCommerce software. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack). This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector and CWE vulnerability type: CVE-2025-40675: CVSS v4.0: 5.1 | CVSS AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N | CWE-79
Identifier
INCIBE-2025-0299
3 - Medium
Solution
The Bagisto team states that the vulnerability is no longer present in version 2.2.3.
Detail
CVE-2025-40675: A Reflected Cross-Site Scripting (XSS) vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter query in /search. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
References list
Bagisto
Tags
0day
...
EPSS Score: 0.06%
June 9th, 2025 (about 1 month ago)
|
Description: Why "thinking big" is required to shift the dynamics of the technology market.
June 9th, 2025 (about 1 month ago)
|
Description: OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.
"The [Russian-speaking] actor used our models to assist with developing and refining
June 9th, 2025 (about 1 month ago)
|
CVE-2025-5893 |
Description: Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
June 9th, 2025 (about 1 month ago)
|
CVE-2025-5866 |
Description: A vulnerability classified as critical has been found in RT-Thread 5.1.0. It affects the function `sys_sigprocmask` in the file `rt-thread/components/lwp/lwp_syscall.c`. Manipulating the argument `how` with unknown data leads to improper validation of an array index.
CVSS: HIGH (8.0) EPSS Score: 0.03%
June 9th, 2025 (about 1 month ago)
|
CVE-2025-5865 |
Description: A vulnerability rated as critical was found in RT-Thread 5.1.0. It affects the function `sys_select` in the file `rt-thread/components/lwp/lwp_syscall.c`, part of the component Parameter Handler. Manipulating the argument `timeout` with unknown data leads to memory corruption. The vendor explains that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."
CVSS: HIGH (8.0) EPSS Score: 0.04%
June 9th, 2025 (about 1 month ago)
|