CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2023-52892 |
Description:
Nessus Plugin ID 215157 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b38cbff99d advisory. Security fix for CVE-2023-52892, CVE-2024-27354Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected php-phpseclib package.
Read more at https://www.tenable.com/plugins/nessus/215157
CVSS: HIGH (7.5)
February 9th, 2025 (5 months ago)
|
|
CVE-2025-0638 |
Description:
Nessus Plugin ID 215162 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-46db4ee37e advisory. ## New * ASPA support is now always compiled in and available if `enable-aspa` is set. The `aspa` Cargo feature has been removed. ([#990]) * If merging mutliple ASPA objects for a single customer ASN results in more than 16,380 provider ASNs, the ASPA is dropped. (Note that ASPA objects with more than 16,380 provider ASNs are already rejected during parsing.) ([#996]) * New `archive-stats` command that shows some statistics of an RRDP archive. ([#982]) * Re-enabled the use of GZIP compression in HTTP request sent by the RRDP collector. Measures to deal with exploding data have been implemented in [rpki-rs#319]. ([#997]) ## Bug fixes * Fixed an issue with checking the file names in manifests that let to a crash when non-ASCII characters are used. ([rpki-rs#320], reported by Haya Schulmann and Niklas Vogel of Goethe University Frankfurt/ATHENE Center and assigned [CVE-2025-0638]) * The validation HTTP endpoints now accept prefixes with non-zero host bits. ([#987]) * Removed duplicate `rtr_client_reset_queries` in HTTP metrics. ([#992] by [@sleinen]) * Improved disk space consumption of the new RRDP archives by re-using empty spa...
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 9th, 2025 (5 months ago)
|
|
CVE-2023-52892 |
Description:
Nessus Plugin ID 215152 with High Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-91d6e174d9 advisory. Security fix for CVE-2023-52892, CVE-2024-27354Tenable has extracted the preceding description block directly from the Fedora security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected php-phpseclib package.
Read more at https://www.tenable.com/plugins/nessus/215152
CVSS: HIGH (7.5)
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25187 |
Description: Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first escaping HTML entities. Joplin lacks a Content-Security-Policy with a restrictive `script-src`. This allows arbitrary JavaScript execution via inline `onclick`/`onload` event handlers in unsanitized HTML. Additionally, Joplin's main window is created with `nodeIntegration` set to `true`, allowing arbitrary JavaScript execution to result in arbitrary code execution. Anyone who 1) receives notes from unknown sources and 2) uses ctrl-p to search is impacted. This issue has been addressed in version 3.1.24 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: HIGH (7.8) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25168 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25167 |
Description: Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
CVSS: HIGH (8.2) EPSS Score: 0.09%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25166 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25163 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.
CVSS: HIGH (7.5) EPSS Score: 0.09%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25160 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 8th, 2025 (5 months ago)
|
|
CVE-2025-25159 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 8th, 2025 (5 months ago)
|