CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27152 |
Description: axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
CVSS: HIGH (7.7) EPSS Score: 0.05%
March 7th, 2025 (4 months ago)
|
|
CVE-2025-1887 |
Description: SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to obtain NTLMv2-SSP Hash by changing any of the paths to a UNC path pointing to a server controlled by the attacker.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 7th, 2025 (4 months ago)
|
|
CVE-2025-1886 |
Description: Pass-Back vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with administrator privileges to discover stored SMTP credentials.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 7th, 2025 (4 months ago)
|
|
CVE-2024-42104 |
Description:
Nessus Plugin ID 232280 with High Severity
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 4.14.352-190.569. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1963 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries (CVE-2024-42104)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232280
CVSS: HIGH (7.8) EPSS Score: 0.04%
March 7th, 2025 (4 months ago)
|
|
CVE-2024-42284 |
Description:
Nessus Plugin ID 232281 with High Severity
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 4.14.353-190.569. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1962 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284) In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (CVE-2024-42285)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232281
CVSS: HIGH (7.8) EPSS Score: 0.03%
March 7th, 2025 (4 months ago)
|
|
CVE-2021-46828 |
Description:
Nessus Plugin ID 232282 with High Severity
Synopsis
The remote Amazon Linux 2023 host is missing a security update.
Description
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-890 advisory. In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. (CVE-2021-46828)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update libtirpc --releasever 2023.6.20250303' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232282
CVSS: HIGH (7.5)
March 7th, 2025 (4 months ago)
|
|
CVE-2022-42004 |
Description:
Nessus Plugin ID 232283 with High Severity
Synopsis
The remote Amazon Linux 2023 host is missing a security update.
Description
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-889 advisory. In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. (CVE-2022-42004)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Run 'dnf update aws-kinesis-agent --releasever 2023.6.20250303' to update your system.
Read more at https://www.tenable.com/plugins/nessus/232283
CVSS: HIGH (7.5)
March 7th, 2025 (4 months ago)
|
|
CVE-2024-49995 |
Description:
Nessus Plugin ID 232285 with High Severity
Synopsis
The remote Amazon Linux AMI host is missing a security update.
Description
The version of kernel installed on the remote host is prior to 4.14.355-194.598. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2025-1961 advisory. In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun (CVE-2024-49995) In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access (CVE-2024-50035) In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad (CVE-2024-50143) In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing (CVE-2024-50279) In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() (CVE-2024-56631) In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (CVE-2024-56642)Tenable has extracted the preceding description block directly from the tested product security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Run 'yum update kernel' to update you...
CVSS: HIGH (7.8)
March 7th, 2025 (4 months ago)
|
|
CVE-2025-26331 |
Description: Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution.
CVSS: HIGH (7.8) EPSS Score: 0.06%
March 7th, 2025 (4 months ago)
|
|
CVE-2025-0959 |
Description: The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (8.8) EPSS Score: 0.03%
March 7th, 2025 (4 months ago)
|