CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56171 |
Description:
Nessus Plugin ID 233209 with High Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0976-1 advisory. - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/233209
CVSS: HIGH (7.8)
March 22nd, 2025 (3 months ago)
|
|
CVE-2025-1971 |
Description: The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'form_data' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
CVSS: HIGH (7.2) EPSS Score: 0.15%
March 22nd, 2025 (3 months ago)
|
|
CVE-2025-1970 |
Description: The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validate_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 22nd, 2025 (3 months ago)
|
|
CVE-2025-2303 |
Description: The Block Logic – Full Gutenberg Block Display Control plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.8 via the block_logic_check_logic function. This is due to the unsafe evaluation of user-controlled input. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS: HIGH (8.8) EPSS Score: 0.27%
March 22nd, 2025 (3 months ago)
|
|
CVE-2025-0724 |
Description: The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present.
CVSS: HIGH (8.8) EPSS Score: 0.09%
March 22nd, 2025 (3 months ago)
|
|
CVE-2025-2610 |
Description: Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.
This issue affects MagnusBilling: through 7.3.0.
CVSS: HIGH (7.6) EPSS Score: 0.03%
March 21st, 2025 (3 months ago)
|
|
CVE-2025-2609 |
Description: Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is associated with program files protected/components/MagnusLog.Php.
This issue affects MagnusBilling: through 7.3.0.
CVSS: HIGH (8.2) EPSS Score: 0.08%
March 21st, 2025 (3 months ago)
|
|
CVE-2025-30204 |
Description: golang-jwt is a Go implementation of JSON Web Tokens. Prior to
5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVSS: HIGH (7.5) EPSS Score: 0.02%
March 21st, 2025 (3 months ago)
|
|
CVE-2024-26314 |
Description: Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
March 21st, 2025 (3 months ago)
|
|
CVE-2025-25035 |
Description: Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1, Jalios Workplace 6.0, and Jalios Workplace 5.3 to 5.5
CVSS: HIGH (7.3) EPSS Score: 0.04% SSVC Exploitation: none
March 21st, 2025 (3 months ago)
|