CVE-2025-2161 |
Description: Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup
CVSS: HIGH (7.1) EPSS Score: 0.03% SSVC Exploitation: none
April 14th, 2025 (2 months ago)
|
CVE-2025-2160 |
Description: Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup
CVSS: HIGH (8.1) EPSS Score: 0.03% SSVC Exploitation: none
April 14th, 2025 (2 months ago)
|
CVE-2025-27009 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro allows Stored XSS. This issue affects My auctions allegro: from n/a through 3.6.20.
CVSS: HIGH (7.1) EPSS Score: 0.02% SSVC Exploitation: none
April 14th, 2025 (2 months ago)
|
CVE-2025-31344 |
Description: Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C.
This issue affects giflib: through 5.2.2.
CVSS: HIGH (7.3) EPSS Score: 0.02%
April 14th, 2025 (2 months ago)
|
CVE-2024-56406 |
Description:
Nessus Plugin ID 234241 with Critical Severity
Synopsis
The remote Debian host is missing a security-related update.
Description
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5902 advisory.
Debian Security Advisory DSA-5902-1 https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2025 https://www.debian.org/security/faq
Package : perl
CVE ID : CVE-2024-56406
Nathan Mills discovered a heap-based buffer overflow vulnerability in the implementation of the Perl programming language when transliterating non-ASCII bytes with tr///, which may result in denial of service, or potentially the execution of arbitrary code.
For the stable distribution (bookworm), this problem has been fixed in version 5.36.0-7+deb12u2. We recommend that you upgrade your perl packages.
For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/secu...
CVSS: HIGH (8.6) EPSS Score: 0.05%
April 14th, 2025 (2 months ago)
|
CVE-2025-24855 |
Description:
Nessus Plugin ID 234257 with High Severity
Synopsis
The remote Red Hat host is missing one or more security updates for libxslt.
Description
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3624 advisory. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. Security Fix(es): * libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855) * libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL libxslt package based on the guidance in RHSA-2025:3624.
Read more at https://www.tenable.com/plugins/nessus/234257
CVSS: HIGH (7.8)
April 14th, 2025 (2 months ago)
|
CVE-2025-24855 |
Description:
Nessus Plugin ID 234259 with High Severity
Synopsis
The remote Red Hat host is missing one or more security updates for libxslt.
Description
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3615 advisory. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. Security Fix(es): * libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855) * libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL libxslt package based on the guidance in RHSA-2025:3615.
Read more at https://www.tenable.com/plugins/nessus/234259
CVSS: HIGH (7.8)
April 14th, 2025 (2 months ago)
|
CVE-2025-24855 |
Description:
Nessus Plugin ID 234261 with High Severity
Synopsis
The remote Red Hat host is missing one or more security updates for libxslt.
Description
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3619 advisory. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. Security Fix(es): * libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855) * libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL libxslt package based on the guidance in RHSA-2025:3619.
Read more at https://www.tenable.com/plugins/nessus/234261
CVSS: HIGH (7.8)
April 14th, 2025 (2 months ago)
|
CVE-2024-55549 |
Description:
Nessus Plugin ID 234266 with High Severity
Synopsis
The remote Red Hat host is missing a security update for libxslt.
Description
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3613 advisory. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. Security Fix(es): * libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL libxslt package based on the guidance in RHSA-2025:3613.
Read more at https://www.tenable.com/plugins/nessus/234266
CVSS: HIGH (7.8)
April 14th, 2025 (2 months ago)
|
CVE-2025-24855 |
Description:
Nessus Plugin ID 234270 with High Severity
Synopsis
The remote Red Hat host is missing one or more security updates for libxslt.
Description
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:3612 advisory. libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. Security Fix(es): * libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855) * libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL libxslt package based on the guidance in RHSA-2025:3612.
Read more at https://www.tenable.com/plugins/nessus/234270
CVSS: HIGH (7.8)
April 14th, 2025 (2 months ago)
|