CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-9334
Information Disclosure in E-Kent's Pallium Vehicle Tracking
Description: Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024.

CVSS: HIGH (8.2)

EPSS Score: 0.06%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-1739
Multiple vulnerabilities in Trivision Camera NC227WF
Description: An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleartext by sending a request against the server using curl with random credentials to "/en/player/activex_pal.asp" and successfully authenticating the application.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-1691
MongoDB Shell may be susceptible to Control Character Injection via autocomplete
Description: The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete text that is a prefix of the attacker’s prepared autocompletion. This issue affects mongosh versions prior to 2.3.9.  The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.

CVSS: HIGH (7.6)

EPSS Score: 0.05%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-56171
CBL Mariner 2.0 Security Update: libxml2 (CVE-2024-56171)
Description: Nessus Plugin ID 216891 with High Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56171 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. (CVE-2024-56171)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216891

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: Tenable Plugins
February 27th, 2025 (4 months ago)

CVE-2025-24928
CBL Mariner 2.0 Security Update: libxml2 (CVE-2025-24928)
Description: Nessus Plugin ID 216892 with High Severity Synopsis The remote CBL Mariner host is missing one or more security updates. Description The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-24928 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. (CVE-2025-24928)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216892

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: Tenable Plugins
February 27th, 2025 (4 months ago)

CVE-2024-28757
Azure Linux 3.0 Security Update: expat (CVE-2024-28757)
Description: Nessus Plugin ID 216895 with High Severity Synopsis The remote Azure Linux host is missing one or more security updates. Description The version of expat installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28757 advisory. - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757)Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/216895

CVSS: HIGH (7.5)

EPSS Score: 0.49%

Source: Tenable Plugins
February 27th, 2025 (4 months ago)

CVE-2015-1379
SUSE SLES12 Security Update : socat (SUSE-SU-2025:0726-1)
Description: Nessus Plugin ID 216897 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:0726-1 advisory. - CVE-2015-1379: lack of async-signal-safe signal handlers can lead to crashes or freezing of socat processes (bsc#922903).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected socat package. Read more at https://www.tenable.com/plugins/nessus/216897

CVSS: HIGH (7.5)

Source: Tenable Plugins
February 27th, 2025 (4 months ago)

CVE-2025-1282
Car Dealer Automotive WordPress Theme – Responsive <= 1.6.3 - Authenticated (Subscriber+) Arbitrary File Deletion and Read
Description: The Car Dealer Automotive WordPress Theme – Responsive theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_post_photo() and add_car() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The add_car() function may also make it possible to read arbitrary files.

CVSS: HIGH (8.8)

EPSS Score: 0.35%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-1717
Login Me Now <= 1.7.2 - Authentication Bypass
Description: The Login Me Now plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.2. This is due to insecure authentication based on an arbitrary transient name in the 'AutoLogin::listen()' function. This makes it possible for unauthenticated attackers to log in an existing user on the site, even an administrator. Note: this vulnerability requires using a transient name and value from another software, so the plugin is not inherently vulnerable on it's own.

CVSS: HIGH (8.1)

EPSS Score: 0.11%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2025-1295
Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation
Description: The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
February 27th, 2025 (4 months ago)