CyberAlerts

CVE-2025-0975

Description: IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters.

CVSS: HIGH (8.8)

EPSS Score: 0.07%

Source: CVE

February 28th, 2025 (4 months ago)

CVE-2025-27154

[spotipy] Spotipy's cache file, containing spotify auth token, is created with overly broad permissions

Description: Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98 The file created has rw-r--r-- (644) permissions by default, when it could be locked down to rw------- (600) permissions. I think 600 is a sensible default. Details This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. PoC Run an application that uses spotipy with client creation like this: from pathlib import Path import spotipy from os import getenv def create_spotify_client(client_id: str, client_secret: str) -> spotipy.Spotify: """Create and return an authenticated Spotify client. Args: client_id: Spotify API client ID client_secret: Spotify API client secret Returns: An authenticated Spotify client instance """ cache_path = Path.home() / ".cache" / "spotify-backup/.auth_cache" cache_path.parent.mkdir(parents=True, exist_ok=True) cache_handler = spotipy.cache_handler.CacheFileHandler(cache_path=str(cache_path)) client = spotipy.Spotify( auth_manager=spotipy.oauth2.SpotifyOAuth( client_id=client_id, client_secret=client_secret, redirect_uri="http://localhost:8000/callback...

CVSS: HIGH (8.4)

EPSS Score: 0.01%

Source: Github Advisory Database (PIP)

February 28th, 2025 (4 months ago)

CVE-2025-1687

Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile

Description: The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'update_user_profile' function. This makes it possible for unauthenticated attackers to update the user email and password via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: HIGH (8.8)

EPSS Score: 0.02%

Source: CVE

February 28th, 2025 (4 months ago)

CVE-2025-1682

Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation

Description: The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE

February 28th, 2025 (4 months ago)

CVE-2024-12811

Traveler <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

Description: The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE

February 28th, 2025 (4 months ago)

CVE-2024-31109

WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability

Description: Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0.

CVSS: HIGH (7.1)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE

February 27th, 2025 (4 months ago)

CVE-2024-30341

Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability

Description: Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22709.

CVSS: HIGH (7.8)

EPSS Score: 0.22%

SSVC Exploitation: none

Source: CVE

February 27th, 2025 (4 months ago)

CVE-2024-30330

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Description: Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22636.

CVSS: HIGH (7.8)

EPSS Score: 0.29%

SSVC Exploitation: none

Source: CVE

February 27th, 2025 (4 months ago)

CVE-2024-27335

Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Description: Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22018.

CVSS: HIGH (7.8)

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE

February 27th, 2025 (4 months ago)

CVE-2025-1756

[mongosh] mongosh vulnerable to local privilege escalation

Description: mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0. References https://nvd.nist.gov/vuln/detail/CVE-2025-1756 https://access.redhat.com/errata/RHSA-2025:1756 https://jira.mongodb.org/browse/MONGOSH-2028 https://github.com/advisories/GHSA-f5w3-73h4-jpcm

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: Github Advisory Database (NPM)

February 27th, 2025 (4 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-0975	IBM MQ code execution Description: IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD console could allow an authenticated user to execute code due to improper neutralization of escape characters. CVSS: HIGH (8.8) EPSS Score: 0.07% Source: CVE February 28th, 2025 (4 months ago)
CVE-2025-27154	[spotipy] Spotipy's cache file, containing spotify auth token, is created with overly broad permissions Description: Summary The CacheHandler class creates a cache file to store the auth token here: https://github.com/spotipy-dev/spotipy/blob/master/spotipy/cache_handler.py#L93-L98 The file created has rw-r--r-- (644) permissions by default, when it could be locked down to rw------- (600) permissions. I think 600 is a sensible default. Details This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. PoC Run an application that uses spotipy with client creation like this: from pathlib import Path import spotipy from os import getenv def create_spotify_client(client_id: str, client_secret: str) -> spotipy.Spotify: """Create and return an authenticated Spotify client. Args: client_id: Spotify API client ID client_secret: Spotify API client secret Returns: An authenticated Spotify client instance """ cache_path = Path.home() / ".cache" / "spotify-backup/.auth_cache" cache_path.parent.mkdir(parents=True, exist_ok=True) cache_handler = spotipy.cache_handler.CacheFileHandler(cache_path=str(cache_path)) client = spotipy.Spotify( auth_manager=spotipy.oauth2.SpotifyOAuth( client_id=client_id, client_secret=client_secret, redirect_uri="http://localhost:8000/callback... CVSS: HIGH (8.4) EPSS Score: 0.01% Source: Github Advisory Database (PIP) February 28th, 2025 (4 months ago)
CVE-2025-1687	Cardealer <= 1.6.4 - Cross-Site Request Forgery to User Update via update_user_profile Description: The Cardealer theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.4. This is due to missing nonce validation on the 'update_user_profile' function. This makes it possible for unauthenticated attackers to update the user email and password via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. CVSS: HIGH (8.8) EPSS Score: 0.02% Source: CVE February 28th, 2025 (4 months ago)
CVE-2025-1682	Cardealer <= 1.6.4 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation Description: The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role. CVSS: HIGH (8.8) EPSS Score: 0.04% Source: CVE February 28th, 2025 (4 months ago)
CVE-2024-12811	Traveler <= 3.1.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode Description: The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. CVSS: HIGH (8.8) EPSS Score: 0.1% Source: CVE February 28th, 2025 (4 months ago)
CVE-2024-31109	WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in Toastie Studio Woocommerce Social Media Share Buttons allows Stored XSS.This issue affects Woocommerce Social Media Share Buttons: from n/a through 1.3.0. CVSS: HIGH (7.1) EPSS Score: 0.07% SSVC Exploitation: none Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-30341	Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability Description: Foxit PDF Reader Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22709. CVSS: HIGH (7.8) EPSS Score: 0.22% SSVC Exploitation: none Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-30330	Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability Description: Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22636. CVSS: HIGH (7.8) EPSS Score: 0.29% SSVC Exploitation: none Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-27335	Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability Description: Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22018. CVSS: HIGH (7.8) EPSS Score: 0.16% SSVC Exploitation: none Source: CVE February 27th, 2025 (4 months ago)
CVE-2025-1756	[mongosh] mongosh vulnerable to local privilege escalation Description: mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules. This issue affects mongosh prior to 2.3.0. References https://nvd.nist.gov/vuln/detail/CVE-2025-1756 https://access.redhat.com/errata/RHSA-2025:1756 https://jira.mongodb.org/browse/MONGOSH-2028 https://github.com/advisories/GHSA-f5w3-73h4-jpcm CVSS: HIGH (7.5) EPSS Score: 0.01% Source: Github Advisory Database (NPM) February 27th, 2025 (4 months ago)