
Threat and Vulnerability Intelligence Database


CVE-2025-0159

Description: IBM FlashSystem (IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request.

CVSS: CRITICAL (9.1)

EPSS Score: 0.11%

SSVC Exploitation: none

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-22273

Description: Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-1413

Description: DaVinci Resolve on macOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. The Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects DaVinci Resolve on macOS in versions before 19.1.3.

CVSS: CRITICAL (9.2)

EPSS Score: 0.01%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2024-9193

Description: The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. Utilizing the /admin/services.php file, this can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CVSS: CRITICAL (9.8)

EPSS Score: 17.43%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2024-8425

Description: The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.6.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: CRITICAL (9.8)

EPSS Score: 0.13%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2024-8420

Description: The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-1744

Description: Out-of-bounds Write vulnerability in radareorg radare2 allows heap-based buffer over-read or buffer overflow. This issue affects radare2 versions before 5.9.9.

CVSS: CRITICAL (10.0)

EPSS Score: 0.05%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-1751

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: DarkWebInformer
February 27th, 2025 (4 months ago)

CVE-2021-29999

Description: View CSAF

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Communication modules for Modicon M580 and Quantum controllers
Vulnerability: Out-of-bounds Write

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a stack overflow attack, which could result in loss of confidentiality, integrity, and denial of service of the device.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS
Schneider Electric reports that the following communication modules for Modicon M580 and Quantum controllers are affected by a vulnerability in the VxWorks operating system:
- Modicon M580 communication modules BMENOC BMENOC0321: Versions prior to SV1.10
- Modicon M580 communication modules BMECRA BMECRA31210: All versions
- Modicon M580/Quantum communication modules BMXCRA BMXCRA31200: All versions
- Modicon M580/Quantum communication modules BMXCRA BMXCRA31210: All versions
- Modicon Quantum communication modules 140CRA 140CRA31908: All versions
- Modicon Quantum communication modules 140CRA 140CRA31200: All versions

3.2 VULNERABILITY OVERVIEW

3.2.1 OUT-OF-BOUNDS WRITE CWE-787
A possible stack overflow in the DHCP server was discovered in Wind River VxWorks through 6.8. CVE-2021-29999 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Critic...

CVSS: CRITICAL (9.8)

Source: All CISA Advisories
February 27th, 2025 (4 months ago)

CVE-2024-13148

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection. This issue affects B2B Login Platform: before 16.01.2025.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 27th, 2025 (4 months ago)