Threat and Vulnerability Intelligence Database

CVE-2025-0637

Description: It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path ‘/app/tools.html’.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2024-52975

Description: An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2024-52329

Description: ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.

CVSS: CRITICAL (9.5)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (3 months ago)

CVE-2025-23953

Description: Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23942

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6.

CVSS: CRITICAL (9.1)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23932

Description: Deserialization of Untrusted Data vulnerability in NotFound Quick Count allows Object Injection. This issue affects Quick Count: from n/a through 3.00.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23931

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WordPress Local SEO allows Blind SQL Injection. This issue affects WordPress Local SEO: from n/a through 2.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23921

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through 1.1.3.

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23918

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through 1.1.

CVSS: CRITICAL (9.9)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)

CVE-2025-23914

Description: Deserialization of Untrusted Data vulnerability in NotFound Muzaara Google Ads Report allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through 3.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 23rd, 2025 (3 months ago)