Threat and Vulnerability Intelligence Database

CVE-2024-42104

Description: Nessus Plugin ID 232280 with High Severity. Synopsis: The remote Amazon Linux AMI host is missing a security update. Description: The version of kernel installed on the remote host is prior to 4.14.352-190.569. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1963 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries (CVE-2024-42104) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/232280

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: Tenable Plugins
March 7th, 2025 (4 months ago)

CVE-2024-42284

Description: Nessus Plugin ID 232281 with High Severity. Synopsis: The remote Amazon Linux AMI host is missing a security update. Description: The version of kernel installed on the remote host is prior to 4.14.353-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1962 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Run 'yum update kernel' to update your system. Read more at https://www.tenable.com/plugins/nessus/232281

CVSS: HIGH (7.8)

EPSS Score: 0.03%

Source: Tenable Plugins
March 7th, 2025 (4 months ago)

CVE-2021-46828

Description: Nessus Plugin ID 232282 with High Severity. Synopsis: The remote Amazon Linux 2023 host is missing a security update. Description: It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-890 advisory. In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. (CVE-2021-46828) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'dnf update libtirpc --releasever 2023.6.20250303' to update your system. Read more at https://www.tenable.com/plugins/nessus/232282

CVSS: HIGH (7.5)

Source: Tenable Plugins
March 7th, 2025 (4 months ago)

CVE-2022-42004

Description: Nessus Plugin ID 232283 with High Severity. Synopsis: The remote Amazon Linux 2023 host is missing a security update. Description: It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Run 'dnf update aws-kinesis-agent --releasever 2023.6.20250303' to update your system. Read more at https://www.tenable.com/plugins/nessus/232283

CVSS: HIGH (7.5)

Source: Tenable Plugins
March 7th, 2025 (4 months ago)

CVE-2024-49995

Description: Nessus Plugin ID 232285 with High Severity. Synopsis: The remote Amazon Linux AMI host is missing a security update. Description: The version of kernel installed on the remote host is prior to 4.14.355-194.598. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1961 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun (CVE-2024-49995) In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access (CVE-2024-50035) In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143) In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279) In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631) In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642) Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Run 'yum update kernel' to update you...

CVSS: HIGH (7.8)

Source: Tenable Plugins
March 7th, 2025 (4 months ago)

CVE-2025-26331

Description: Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.

CVSS: HIGH (7.8)

EPSS Score: 0.06%

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2025-0959

Description: The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (8.8)

EPSS Score: 0.03%

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2024-9658

Description: The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions, along with a local file inclusion vulnerability. This makes it possible for authenticated attackers, with student-level access and above, to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account. This was escalated four months ago after no response to our initial outreach, yet it is still vulnerable.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2024-12036

Description: The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
March 7th, 2025 (4 months ago)

CVE-2024-12035

Description: The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS: HIGH (8.8)

EPSS Score: 0.31%

Source: CVE
March 7th, 2025 (4 months ago)