CyberAlerts

CVE-2025-21463

Buffer Over-read in WLAN Host Communication

Description: Transient DOS while processing the EHT operation IE in the received beacon frame.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE

June 3rd, 2025 (5 days ago)

CVE-2024-53026

Buffer Over-read in Data Network Stack & Connectivity

Description: Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE

June 3rd, 2025 (5 days ago)

CVE-2024-53021

Buffer Over-read in Data Network Stack & Connectivity

Description: Information disclosure may occur while processing goodbye RTCP packet from network.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE

June 3rd, 2025 (5 days ago)

CVE-2024-53020

Buffer Over-read in Data Network Stack & Connectivity

Description: Information disclosure may occur while decoding the RTP packet with invalid header extension from network.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE

June 3rd, 2025 (5 days ago)

CVE-2024-53019

Buffer Over-read in Data Network Stack & Connectivity

Description: Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE

June 3rd, 2025 (5 days ago)

CVE-2024-53010

Improper Access Control in Core

Description: Memory corruption may occur while attaching VM when the HLOS retains access to VM.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE

June 3rd, 2025 (5 days ago)

CVE-2025-4224

wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting

Description: The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.03%

Source: CVE

June 3rd, 2025 (5 days ago)

ZDI-25-312: Hewlett Packard Enterprise StoreOnce VSA setLocateBeaconOnHardware Command Injection Remote Code Execution Vulnerability

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-37089.

CVSS: HIGH (7.2)

EPSS Score: 0.42%

Source: Zero Day Initiative Published Advisories

June 2nd, 2025 (5 days ago)

ZDI-25-314: Hewlett Packard Enterprise StoreOnce VSA doExecute Command Injection Remote Code Execution Vulnerability

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-37091.

CVSS: HIGH (7.2)

EPSS Score: 0.2%

Source: Zero Day Initiative Published Advisories

June 2nd, 2025 (5 days ago)

ZDI-25-315: Hewlett Packard Enterprise StoreOnce VSA queryHardwareReportLocally Command Injection Remote Code Execution Vulnerability

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-37092.

CVSS: HIGH (7.2)

EPSS Score: 0.42%

Source: Zero Day Initiative Published Advisories

June 2nd, 2025 (5 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: