CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-5750.
EPSS Score: 0.09%
June 6th, 2025 (about 1 month ago)
|
|
|
Description: This vulnerability allows physically present attackers to bypass authentication on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.6. The following CVEs are assigned: CVE-2025-5751.
EPSS Score: 0.03%
June 6th, 2025 (about 1 month ago)
|
|
Description: Alleged data breach of Ministry of Health of Peru
June 6th, 2025 (about 1 month ago)
|
|
Description: The group was arrested in December as part of a raid that included 599 Nigerians and 193 other foreign nationals, many of them Chinese, on suspicion of being involved in a range of online crimes.
June 6th, 2025 (about 1 month ago)
|
|
Description: A new wave of Mirai botnet activity is exploiting a recently disclosed vulnerability in TBK DVR devices, CVE-2024-3721, to infect internet-connected systems with a custom ARM32 malware variant designed to evade analysis and sustain persistent remote control. Kaspersky uncovered the exploitation attempt while monitoring honeypots. The campaign targets a command injection flaw in TBK DVR-4104 …
The post New Mirai Botnet Variant Targets Flaw in 50,000 Exposed TBK DVRs appeared first on CyberInsider.
CVSS: MEDIUM (6.3)
June 6th, 2025 (about 1 month ago)
|
|
Description: A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. [...]
June 6th, 2025 (about 1 month ago)
|
|
Description: State-backed threat actors from a handful of countries are using ChatGPT for a range of malicious purposes ranging from malware refinement to employment scams and social media disinformation campaigns.
June 6th, 2025 (about 1 month ago)
|
CVE-2025-5806 |
Description: Jenkins Gatling Plugin 136.vb_9009b_3d33a_e serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content.
CVSS: HIGH (8.0) EPSS Score: 0.04% SSVC Exploitation: none
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5791 |
Description: A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.
EPSS Score: 0.01% SSVC Exploitation: none
June 6th, 2025 (about 1 month ago)
|
|
CVE-2025-5778 |
Description: A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in 1000 Projects ABC Courier Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /adminSQL. Dank der Manipulation des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
June 6th, 2025 (about 1 month ago)
|