Threat and Vulnerability Intelligence Database

CVE-2024-13488

Description: The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
February 16th, 2025 (5 months ago)

CVE-2023-50658

Description: Nessus Plugin ID 216342 with High Severity

Synopsis: The remote Azure Linux host is missing one or more security updates.

Description: The version of telegraf installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-50658 advisory.

- The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. (CVE-2023-50658)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected packages.

Read more at https://www.tenable.com/plugins/nessus/216342

CVSS: HIGH (7.5)

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2024-41311

Description: Nessus Plugin ID 216346 with High Severity

Synopsis: The remote Fedora host is missing one or more security updates.

Description: The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-666aaa6a0d advisory.

Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6.

NOTE: the `heif-convert` tool was renamed to `heif-dec`.

How to test: Download and unzip sample images from [mastodon issue #31570](https://github.com/user-attachments/files/16734152/HEIF-images.zip). Try opening them with e.g. `loupe` or `gimp`. They fail to open with `libheif-1.17.6`, but should open successfully with `libheif-1.19.5`.

Fixes [CVE-2024-41311](https://github.com/advisories/GHSA-mwf7-wfvq-vc32).

Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected libheif package.

Read more at https://www.tenable.com/plugins/nessus/216346

CVSS: HIGH (8.1)

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2024-41311

Description: Nessus Plugin ID 216347 with High Severity

Synopsis: The remote Fedora host is missing one or more security updates.

Description: The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-8fdb7be3cb advisory.

Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6.

NOTE: the `heif-convert` tool was renamed to `heif-dec`.

How to test: Download and unzip sample images from [mastodon issue #31570](https://github.com/user-attachments/files/16734152/HEIF-images.zip). Try opening them with e.g. `loupe` or `gimp`. They fail to open with `libheif-1.17.6`, but should open successfully with `libheif-1.19.5`.

Fixes [CVE-2024-41311](https://github.com/advisories/GHSA-mwf7-wfvq-vc32).

Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution: Update the affected libheif package.

Read more at https://www.tenable.com/plugins/nessus/216347

CVSS: HIGH (8.1)

Source: Tenable Plugins
February 15th, 2025 (5 months ago)

CVE-2025-26819

Description: Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-26788

Description: StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

CVSS: HIGH (8.4)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-26523

Description: This vulnerability exists in the RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other user accounts.

CVSS: HIGH (7.4)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-26522

Description: This vulnerability exists in the RupeeWeb trading platform due to an improper implementation of the OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-26519

Description: musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CVE
February 15th, 2025 (5 months ago)

CVE-2025-26508

Description: Certain HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed Printers may potentially be vulnerable to Remote Code Execution and Elevation of Privilege when processing a PostScript print job.

CVSS: HIGH (8.3)

EPSS Score: 0.04%

Source: CVE
February 15th, 2025 (5 months ago)