CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13124 |
Description: The Photo Gallery by 10Web WordPress plugin before 1.8.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: LOW (3.5) EPSS Score: 0.03%
March 24th, 2025 (4 months ago)
|
|
CVE-2025-24912 |
Description:
Nessus Plugin ID 233203 with Low Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0977-1 advisory. - CVE-2025-24912: Fixed hostapd failing to process crafted RADIUS packets properly (bsc#1239461)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected wpa_supplicant and / or wpa_supplicant-gui packages.
Read more at https://www.tenable.com/plugins/nessus/233203
CVSS: LOW (3.7) EPSS Score: 0.26%
March 22nd, 2025 (4 months ago)
|
|
CVE-2025-1632 |
Description:
Nessus Plugin ID 233204 with Medium Severity
Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0985-1 advisory. - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606) - CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610)Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected bsdtar, libarchive-devel, libarchive13 and / or libarchive13-32bit packages.
Read more at https://www.tenable.com/plugins/nessus/233204
CVSS: LOW (3.3) EPSS Score: 0.02%
March 22nd, 2025 (4 months ago)
|
|
CVE-2025-1795 |
Description:
Nessus Plugin ID 233206 with Low Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0981-1 advisory. - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected libpython3_11-1_0, python311 and / or python311-base packages.
Read more at https://www.tenable.com/plugins/nessus/233206
CVSS: LOW (2.3) EPSS Score: 0.07%
March 22nd, 2025 (4 months ago)
|
|
CVE-2025-1795 |
Description:
Nessus Plugin ID 233211 with Low Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0982-1 advisory. - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/233211
CVSS: LOW (2.3) EPSS Score: 0.07%
March 22nd, 2025 (4 months ago)
|
|
CVE-2025-1972 |
Description: The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.
CVSS: LOW (2.7) EPSS Score: 0.05%
March 22nd, 2025 (4 months ago)
|
|
CVE-2025-27715 |
Description: Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which team admins to joining private channels via crafted permalink links without explicit consent from them.
CVSS: LOW (3.3) EPSS Score: 0.03%
March 21st, 2025 (4 months ago)
|
|
CVE-2025-2584 |
Description: A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. In WebAssembly wabt 1.0.36 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion BinaryReaderInterp::GetReturnCallDropKeepCount der Datei wabt/src/interp/binary-reader-interp.cc. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.3) EPSS Score: 0.04%
March 21st, 2025 (4 months ago)
|
|
CVE-2025-30345 |
Description: An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chat_group.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when deleting chats or deleting messages in these chats. This potentially allows attackers to interfere with the layout of the rendered website, but it is unlikely that victims would click on deleted chats or deleted messages.
CVSS: LOW (3.5) EPSS Score: 0.03%
March 21st, 2025 (4 months ago)
|
|
CVE-2025-30343 |
Description: A directory traversal issue was discovered in OpenSlides before 4.2.5. Files can be uploaded to OpenSlides meetings and organized in folders. The interface allows users to download a ZIP archive that contains all files in a folder and its subfolders. If an attacker specifies the title of a file or folder as a relative or absolute path (e.g., ../../../etc/passwd), the ZIP archive generated for download converts that title into a path. Depending on the extraction tool used by the user, this might overwrite files locally outside of the chosen directory.
CVSS: LOW (3.0) EPSS Score: 0.18%
March 21st, 2025 (4 months ago)
|