Threat and Vulnerability Intelligence Database

CVE-2024-4741

🚨 Marked as known exploited on April 19th, 2025 (2 months ago).
Description: Nessus Plugin ID 234630 with High Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4741 advisory. - Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been...

CVSS: HIGH (7.5)

Source: Tenable Plugins
April 19th, 2025 (2 months ago)

CVE-2025-3404

Description: The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the savePackage function in all versions up to, and including, 3.3.12. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS: HIGH (8.8)

EPSS Score: 0.19%

Source: CVE
April 19th, 2025 (2 months ago)

CVE-2025-3809

Description: The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the auto-refresh debug log in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.1%

Source: CVE
April 19th, 2025 (2 months ago)

CVE-2025-2111

Description: The Insert Headers And Footers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

Source: CVE
April 19th, 2025 (2 months ago)

CVE-2025-3103

Description: The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
April 19th, 2025 (2 months ago)

CVE-2025-2010

Description: The JobWP – Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwp_upload_resume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
April 19th, 2025 (2 months ago)

CVE-2025-32953

Description: z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the `makefile-ubuntu.yml` workflow file uses `actions/upload-artifact@v4` to upload the `z80pack-ubuntu` artifact. This artifact is a zip of the current directory, which includes the automatically generated `.git/config` file containing the run's GITHUB_TOKEN. Because the artifact can be downloaded prior to the end of the workflow, there are a few seconds in which an attacker can extract the token from the artifact and use it with the GitHub API to push malicious code or rewrite release commits in your repository. This issue has been fixed in commit bd95916.

CVSS: HIGH (8.7)

EPSS Score: 0.07%

Source: CVE
April 18th, 2025 (2 months ago)

Description: This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project. Vulnerability: youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Impact: Since youtube-dl also reads config from the working directory (and, on Windows, executables will be executed from the youtube-dl directory by default) the vulnerability could allow the unwanted execution of local code, including downloads masquerading as, e.g., subtitles. Patches: The versions of youtube-dl listed as Patched remediate this vulnerability by disallowing path separators and whitelisting allowed extensions. As a result, some very uncommon extensions might not get downloaded. Workarounds: Any/all of the below considerations may limit exposure in case it is necessary to use a vulnerable version: have .%(ext)s at the end of the output template; download from websites that you trust; do not download to a directory within the executable search PATH or other sensitive locations, such as your user directory or system directories; in Windows versions that support it, set NoDefaultCurrentDirectoryInExePath to prevent the cmd shell's executable search adding the default directory before PATH; consider that the path traversal vulnerability as a result of resolving non_existent_dir\..\..\target does not exist ...

CVSS: HIGH (7.8)

Source: Github Advisory Database (PIP)
April 18th, 2025 (2 months ago)

CVE-2025-24914

Description: When installing Nessus to a non-default location on a Windows host, Nessus versions prior to 10.8.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 18th, 2025 (2 months ago)

CVE-2025-32792

Description: SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using `ses` and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used `const`, `let`, and `class` bindings in the top-level scope of a `<script>` tag will have inadvertently revealed these bindings in the lexical scope of third-party code. This issue has been patched in version 1.12.0. Workarounds for this issue involve either avoiding top-level `let`, `const`, or `class` bindings in `<script>` tags, or changing these to `var` bindings to be reflected on `globalThis`.

CVSS: HIGH (8.7)

EPSS Score: 0.1%

Source: CVE
April 18th, 2025 (2 months ago)