CVE-2025-24049 |
Description:
Nessus Plugin ID 233396 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1019-1 advisory. - CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460). Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected azure-cli-core package.
Read more at https://www.tenable.com/plugins/nessus/233396
CVSS: HIGH (8.4) EPSS Score: 0.07%
March 27th, 2025 (3 months ago)
|
CVE-2023-28617 |
Description:
Nessus Plugin ID 233403 with High Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7375-1 advisory. It was discovered that Org Mode did not correctly handle filenames containing shell metacharacters. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-28617) It was discovered that Org Mode could run untrusted code left in its buffer. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30202) It was discovered that Org Mode did not correctly handle the contents of remote files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30205) It was discovered that Org Mode could be made to run arbitrary Elisp code. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-39331) Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note...
CVSS: HIGH (7.8)
March 27th, 2025 (3 months ago)
|
CVE-2025-22230 |
Description:
Nessus Plugin ID 233416 with High Severity
Synopsis
The virtualization tool suite installed on the remote Windows host is affected by an authentication bypass vulnerability.
Description
The version of VMware Tools installed on the remote Windows host is 11.x or 12.x prior to 12.5.1. It is, therefore, affected by an authentication bypass vulnerability: - VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM. (CVE-2025-22230) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to VMware Tools version 12.5.1 or later.
Read more at https://www.tenable.com/plugins/nessus/233416
CVSS: HIGH (7.8) EPSS Score: 0.01%
March 27th, 2025 (3 months ago)
|
CVE-2025-30921 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 27th, 2025 (3 months ago)
|
CVE-2025-30919 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Store Locator Widgets Store Locator Widget allows Stored XSS. This issue affects Store Locator Widget: from n/a through 20200131.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 27th, 2025 (3 months ago)
|
CVE-2025-30895 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently allows PHP Local File Inclusion. This issue affects WpEvently: from n/a through 4.2.9.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 27th, 2025 (3 months ago)
|
CVE-2025-30891 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly allows PHP Local File Inclusion. This issue affects WpTravelly: from n/a through 1.8.7.
CVSS: HIGH (8.8) EPSS Score: 0.13%
March 27th, 2025 (3 months ago)
|
CVE-2025-30890 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member allows PHP Local File Inclusion. This issue affects Login Widget for Ultimate Member: from n/a through 1.1.2.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 27th, 2025 (3 months ago)
|
CVE-2025-30879 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in moreconvert MC Woocommerce Wishlist allows SQL Injection. This issue affects MC Woocommerce Wishlist: from n/a through 1.8.9.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 27th, 2025 (3 months ago)
|
CVE-2025-30871 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine allows PHP Local File Inclusion. This issue affects WP Travel Engine: from n/a through 6.3.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 27th, 2025 (3 months ago)
|