CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-13611
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.6.9 - Unauthenticated Sensitive Information Exposure...
Description: The Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the 'bp-better-messages' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/bp-better-messages directory which can contain file attachments included in chat messages.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2024-49960
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-802)
Description: Nessus Plugin ID 216951 with High Severity Synopsis The remote Amazon Linux 2023 host is missing a security update. Description It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-802 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount (CVE-2024-49960) In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() (CVE-2024-50036) In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args (CVE-2024-50067) In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release (CVE-2024-50242) In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written (CVE-2024-50247) In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in get_info() (CVE-2024-50257) In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262) In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (CVE-2024-50264) In the Linux kernel, the following vulnerability has been resolve...

CVSS: HIGH (7.8)

EPSS Score: 0.03%

Source: Tenable Plugins
March 1st, 2025 (4 months ago)

CVE-2023-40022
Fedora 40 : cutter-re / rizin (2025-6f77f6c77a)
Description: Nessus Plugin ID 216954 with High Severity Synopsis The remote Fedora host is missing one or more security updates. Description The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-6f77f6c77a advisory. CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports CVE-2024-31670 rizin: buffer overflow via create_cache_bins CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code ---- rizin 0.7.2 / cutter-re 2.3.4 (fix changelog) ---- rizin 0.7.2 / cutter-re 2.3.4Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution Update the affected cutter-re and / or rizin packages. Read more at https://www.tenable.com/plugins/nessus/216954

CVSS: HIGH (7.8)

Source: Tenable Plugins
March 1st, 2025 (4 months ago)

CVE-2024-13911
Database Backup and check Tables Automated With Scheduler 2024 <= 2.35 - Authenticated (Administrator+) Sensitive Information Exposure
Description: The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.35 via the /dashboard/backup.php file. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data including full database credentials.

CVSS: HIGH (7.2)

EPSS Score: 0.1%

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2024-12544
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Auth...
Description: The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJS_DeleteFile class in all versions up to, and including, 1.12.17. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). This function is still vulnerable to Cross-Site Request Forgery as of 1.12.20.

CVSS: HIGH (8.8)

EPSS Score: 0.23%

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2024-13373
Exertio Framework <= 1.3.1 - Unauthenticated Arbitrary User Password Update
Description: The Exertio Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.1. This is due to the plugin not properly validating a user's identity prior to updating their password through the fl_forgot_pass_new() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2024-45710
SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Description: SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine.

CVSS: HIGH (7.8)

EPSS Score: 0.22%

SSVC Exploitation: none

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2024-13568
Fluent Support – Helpdesk & Customer Support Ticket System <= 1.8.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory
Description: The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.5 via the 'fluent-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/fluent-support directory which can contain file attachments included in support tickets.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2025-23119
An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious...
Description: An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent network.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
March 1st, 2025 (4 months ago)

CVE-2024-1509
Brocade ASCG 3.2.0 web interface does not enforce HSTS, as defined by RFC 6797 for ports 8030 and 8100
Description: Brocade ASCG before 3.2.0 Web Interface is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.

CVSS: HIGH (7.6)

EPSS Score: 0.02%

Source: CVE
February 28th, 2025 (4 months ago)