CVE-2025-26528 |
Description: The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26528
https://moodle.org/mod/forum/discuss.php?d=466144
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82896
https://github.com/advisories/GHSA-h697-w4ph-7pcx
CVSS: LOW (3.4) EPSS Score: 0.03%
February 24th, 2025 (5 months ago)
|
CVE-2025-26531 |
Description: Insufficient capability checks made it possible to disable badges a user does not have permission to access.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26531
https://moodle.org/mod/forum/discuss.php?d=466148
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84239
https://github.com/advisories/GHSA-g88w-v4cq-qgcp
CVSS: LOW (3.1) EPSS Score: 0.03%
February 24th, 2025 (5 months ago)
|
CVE-2025-26532 |
Description: Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26532
https://moodle.org/mod/forum/discuss.php?d=466149
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-84003
https://github.com/advisories/GHSA-cw24-f6fq-7j9v
CVSS: LOW (3.1) EPSS Score: 0.03%
February 24th, 2025 (5 months ago)
|
CVE-2025-1412 |
Description: Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, which allows the converted user to escalate their privileges depending on the permissions granted to the bot.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1412
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost/commit/faa7e4f2ea0cca2fd2aba271912b9fc3be788842
https://github.com/advisories/GHSA-rhvr-6w8c-6v7w
CVSS: LOW (3.1) EPSS Score: 0.02%
February 24th, 2025 (5 months ago)
|
CVE-2025-1632 |
Description: A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: LOW (3.3) EPSS Score: 0.02%
February 24th, 2025 (5 months ago)
|
CVE-2025-1577 |
Description: A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: LOW (3.5) EPSS Score: 0.03%
February 23rd, 2025 (5 months ago)
|