
Threat and Vulnerability Intelligence Database


CVE-2025-1751

Description: A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-31345

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster. This issue affects Auto Poster: from n/a through 1.2.

CVSS: CRITICAL (9.1)

EPSS Score: 0.91%

SSVC Exploitation: none

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-47051

Description: This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulnerability has been identified in the asset upload functionality. Insufficient enforcement of allowed file extensions allows an attacker to bypass restrictions and upload executable files, such as PHP scripts. * Path Traversal File Deletion: A Path Traversal vulnerability exists in the upload validation process. Due to improper handling of path components, an authenticated user can manipulate the file deletion process to delete arbitrary files on the host system.

CVSS: CRITICAL (9.1)

EPSS Score: 1.22%

Source: CVE
February 26th, 2025 (4 months ago)

CVE-2024-56732

Description: Nessus Plugin ID 216805 with Critical Severity. Synopsis: The remote Amazon Linux 2023 host is missing a security update. Description: It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-848 advisory. HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. (CVE-2024-56732) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'dnf update harfbuzz --releasever 2023.6.20250218' to update your system. Read more at https://www.tenable.com/plugins/nessus/216805

CVSS: CRITICAL (9.3)

Source: Tenable Plugins
February 26th, 2025 (4 months ago)

CVE-2023-25574

Description: Impact: Only users that have configured a JupyterHub installation to use the authenticator class LTI13Authenticator are affected. LTI13Authenticator, which was introduced in jupyterhub-ltiauthenticator 1.3.0, wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request granting access to existing and new user identities. Patches: None. Workarounds: None. References: This code segment didn't validate a JWT signature: https://github.com/jupyterhub/ltiauthenticator/blob/3feec2e81b9d3b0ad6b58ab4226af640833039f3/ltiauthenticator/lti13/validator.py#L122-L164 https://github.com/jupyterhub/ltiauthenticator/security/advisories/GHSA-mcgx-2gcr-p3hp https://nvd.nist.gov/vuln/detail/CVE-2023-25574 https://github.com/jupyterhub/ltiauthenticator/blob/main/CHANGELOG.md#140---2023-03-01 https://github.com/advisories/GHSA-mcgx-2gcr-p3hp

CVSS: CRITICAL (10.0)

Source: Github Advisory Database (PIP)
February 25th, 2025 (4 months ago)

CVE-2025-26974

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPExperts.io WP Multi Store Locator allows Blind SQL Injection. This issue affects WP Multi Store Locator: from n/a through 2.5.1.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26966

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26943

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jürgen Müller Easy Quotes allows Blind SQL Injection. This issue affects Easy Quotes: from n/a through 1.2.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-26900

Description: Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX allows Object Injection. This issue affects Flexmls® IDX: from n/a through 3.14.27.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
February 25th, 2025 (4 months ago)

CVE-2025-24032

Description: Nessus Plugin ID 216720 with Critical Severity. Synopsis: The remote SUSE host is missing one or more security updates. Description: The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0688-1 advisory. - CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062). - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected pam_pkcs11 and / or pam_pkcs11-32bit packages. Read more at https://www.tenable.com/plugins/nessus/216720

CVSS: CRITICAL (9.2)

EPSS Score: 0.05%

Source: Tenable Plugins
February 25th, 2025 (4 months ago)