CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24023 |
Description: Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3.
CVSS: LOW (3.7) EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-0895 |
Description: IBM Cognos Analytics Mobile 1.1 for Android could allow a user with physical access to the device, to obtain sensitive information from debugging code log messages.
CVSS: LOW (2.4) EPSS Score: 0.02%
March 2nd, 2025 (4 months ago)
|
|
CVE-2024-55907 |
Description: IBM Cognos Analytics Mobile 1.1 for iOS application could allow an attacker to reverse engineer the codebase to gain knowledge about the programming technique, interface, class definitions, algorithms and functions used due to weak obfuscation.
CVSS: LOW (2.0) EPSS Score: 0.02%
March 2nd, 2025 (4 months ago)
|
|
CVE-2024-53104 |
Description:
Nessus Plugin ID 216949 with Medium Severity
Synopsis
The remote Oracle Linux host is missing a security update.
Description
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-1659 advisory. - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CKI Backport Bot) [RHEL-78075] {CVE-2024-53104} - mm: migrate: fix getting incorrect page mapping during page migration (Rafael Aquini) [RHEL-70898 RHEL-27742 RHEL-28873] {CVE-2023-52490}Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/216949
CVSS: LOW (0.0)
March 1st, 2025 (4 months ago)
|
|
CVE-2025-1795 |
Description: During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also unicode-encoded. Expected behavior is that the separating comma remains a plan comma. This can result in the address header being misinterpreted by some mail servers.
CVSS: LOW (2.3) EPSS Score: 0.07%
February 28th, 2025 (4 months ago)
|
|
CVE-2025-27400 |
Description: Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.1 contain a vulnerability that allows script execution in the admin panel which could lead to cross-site scripting against authenticated admin users. The attack requires an admin user with configuration access, so in practicality it is not very likely to be useful given that a user with this level of access is probably already a full admin. Versions 20.12.3 and 20.13.1 contain a patch for the issue.
CVSS: LOW (2.9) EPSS Score: 0.12% SSVC Exploitation: none
February 28th, 2025 (4 months ago)
|
|
CVE-2025-22274 |
Description: It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page.
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
CVSS: LOW (2.0) EPSS Score: 0.04%
February 28th, 2025 (4 months ago)
|
|
CVE-2025-22272 |
Description: In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the Content-Security-Policy policy
This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.
CVSS: LOW (2.1) EPSS Score: 0.04%
February 28th, 2025 (4 months ago)
|
|
CVE-2024-34015 |
Description: Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.
CVSS: LOW (3.3) EPSS Score: 0.02% SSVC Exploitation: none
February 27th, 2025 (5 months ago)
|
|
CVE-2024-30347 |
Description: Foxit PDF Reader U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22910.
CVSS: LOW (3.3) EPSS Score: 0.1% SSVC Exploitation: none
February 27th, 2025 (5 months ago)
|