CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-3014 |
Description: Insecure Direct Object References (IDOR) in access control in Tracking 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.
CVSS: HIGH (8.3) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|
|
CVE-2025-3013 |
Description: Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf Penetration Testing allows an attacker to access via manipulating request parameters or object references.
CVSS: HIGH (8.3) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|
|
CVE-2025-2960 |
Description: A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null pointer dereference. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine Schwachstelle in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106 entdeckt. Sie wurde als problematisch eingestuft. Dabei betrifft es die Funktion sub_41DED0 der Datei /bin/goahead der Komponente HTTP Request Handler. Durch Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.1) EPSS Score: 0.12%
March 30th, 2025 (3 months ago)
|
|
CVE-2025-2959 |
Description: A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine problematische Schwachstelle wurde in TRENDnet TEW-410APB 1.3.06b ausgemacht. Dies betrifft die Funktion sub_4019A0 der Datei /usr/sbin/httpd der Komponente HTTP Request Handler. Durch das Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.1) EPSS Score: 0.12%
March 30th, 2025 (3 months ago)
|
|
CVE-2025-2957 |
Description: A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in TRENDnet TEW-411BRP+ 2.07 ausgemacht. Es betrifft die Funktion sub_401DB0 der Datei /usr/sbin/httpd der Komponente HTTP Request Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 30th, 2025 (3 months ago)
|
|
CVE-2021-3872 |
Description:
Nessus Plugin ID 233548 with High Severity
Synopsis
The remote Debian host is missing one or more security-related updates.
Description
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4097 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4097-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton March 30, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : vim Version : 2:8.2.2434-3+deb11u3 CVE ID : CVE-2021-3872 CVE-2021-4019 CVE-2021-4173 CVE-2021-4187 CVE-2022-0261 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0417 CVE-2022-0572 CVE-2022-1616 CVE-2022-1785 CVE-2022-1897 CVE-2022-1942 CVE-2022-2000 CVE-2022-2129 CVE-2022-2304 CVE-2022-3099 CVE-2022-3134 CVE-2022-3324 CVE-2022-4141 CVE-2023-0054 CVE-2023-1175 CVE-2023-2610 CVE-2023-4738 CVE-2023-4752 CVE-2023-4781 CVE-2023-5344 CVE-2024-22667 CVE-2024-43802 CVE-2024-47814 Debian Bug : 1015984 1019590 1027146 1031875 1035955 1053694 1084806 Multiple vulnerabilities were discovered i...
CVSS: HIGH (7.8)
March 30th, 2025 (3 months ago)
|
|
CVE-2025-26618 |
Description:
Nessus Plugin ID 233486 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1051-1 advisory. - CVE-2025-26618: Fixed incorrect verification of SSH SFTP packet size in Erlang OTP (bsc#1237467)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/233486
CVSS: HIGH (7.0)
March 29th, 2025 (3 months ago)
|
|
CVE-2025-2803 |
Description: The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.2%
March 29th, 2025 (3 months ago)
|
|
CVE-2025-2249 |
Description: The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.26%
March 29th, 2025 (3 months ago)
|
|
CVE-2025-2006 |
Description: The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.
CVSS: HIGH (8.8) EPSS Score: 0.13%
March 29th, 2025 (3 months ago)
|