CVE-2025-4207
Description: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected.
CVSS: MEDIUM (5.9) EPSS Score: 0.07% SSVC Exploitation: none
May 8th, 2025 (about 2 months ago)
Description: An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
References
https://nvd.nist.gov/vuln/detail/CVE-2025-32873
https://docs.djangoproject.com/en/dev/releases/security
https://groups.google.com/g/django-announce
https://www.djangoproject.com/weblog/2025/may/07/security-releases
http://www.openwall.com/lists/oss-security/2025/05/07/1
https://github.com/django/django/commit/9f3419b519799d69f2aba70b9d25abe2e70d03e0
https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2025-37.yaml
https://github.com/advisories/GHSA-8j24-cjrq-gr2m
CVSS: MEDIUM (5.3) EPSS Score: 0.02%
May 8th, 2025 (about 2 months ago)
[craftcms/cms] Craft CMS stores arbitrary content provided by unauthenticated users in session files
Description: Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at /var/lib/php/sessions. Such session files are named sess_[session_value], where [session_value] is provided to the client in a Set-Cookie response header. Craft CMS stores the return URL requested by the client without sanitizing parameters. Consequently, an unauthenticated client can introduce arbitrary values, such as PHP code, to a known local file location on the server. Craft CMS versions 5.7.5 and 4.15.3 have been released to address this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-35939
https://github.com/craftcms/cms/pull/17220
https://github.com/craftcms/cms/releases/tag/4.15.3
https://github.com/craftcms/cms/releases/tag/5.7.5
https://github.com/craftcms/cms/commit/e4c7bac8f31010aee048409f9ef6f744a83146b2
https://github.com/advisories/GHSA-7vrx-9684-xrf2
CVSS: MEDIUM (5.3) EPSS Score: 39.61%
May 8th, 2025 (about 2 months ago)
Description:
Summary
When using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session.
Details
Rack session middleware prepares the session at the beginning of the request, then saves it back to the store with any changes applied by the host rack application. This makes the session subject to race conditions, in the general sense, across concurrent rack requests.
Impact
When using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie (already a major issue), the session may be restored if the attacker can trigger a long-running request (within that same session) adjacent to the user logging out, in order to retain illicit access even after the user has attempted to log out.
Mitigation
Update to the latest version of rack, or
Ensure your application invalidates sessions atomically by marking them as logged out e.g., using a logged_out flag, instead of deleting them, and check this flag on every request to prevent reuse, or
Implement a custom session store that tracks session invalidation timestamps and refuses to accept session data if the session was invalidated after the request began.
Related
As this code was moved to rack-session in Rack 3+, see https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj for the equivalent advisory in rack-session (affecting Rack 3+ only).
References
https://github.com/rack/rack-session/se...
CVSS: MEDIUM (4.2) EPSS Score: 0.02%
May 8th, 2025 (about 2 months ago)
CVE-2025-47730
Description: The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
May 8th, 2025 (about 2 months ago)
CVE-2025-4208
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Limited Code Execution in all versions up to, and including, 8.9.1 via the get_table_records function. This is due to the unsanitized use of user-supplied input in call_user_func(). This makes it possible for authenticated attackers, with Custom-level access, to execute arbitrary PHP functions that meet specific constraints (static methods or global functions accepting a single array parameter).
CVSS: MEDIUM (6.3) EPSS Score: 0.07%
May 8th, 2025 (about 2 months ago)
CVE-2025-3862
Description: Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.04%
May 8th, 2025 (about 2 months ago)
CVE-2025-3506
Description: Files to be deployed with agents are accessible without authentication in Checkmk 2.1.0, Checkmk 2.2.0, Checkmk 2.3.0 and
CVSS: MEDIUM (6.3) EPSS Score: 0.06%
May 8th, 2025 (about 2 months ago)
CVE-2025-3468
Description: The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the clean_html and form_fields parameters in all versions up to, and including, 8.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 8th, 2025 (about 2 months ago)
CVE-2025-2806
Description: The tagDiv Composer plugin for WordPress, used by the Newspaper theme, is vulnerable to Reflected Cross-Site Scripting via the ‘data’ parameter in all versions up to, and including, 5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.09%
May 8th, 2025 (about 2 months ago)