Threat and Vulnerability Intelligence Database

CVE-2025-41395

Description: Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-41395
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost-plugin-playbooks/commit/4c823090e281cb9c0d5c17ee2e5db275117540d1
https://github.com/mattermost/mattermost/commit/2b5275d87136f07e016c8eca09a2f004b31afc8a
https://github.com/advisories/GHSA-3g36-gf7c-75qw

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: Github Advisory Database (Go)
April 24th, 2025 (2 months ago)

CVE-2024-25605

Description: The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.

CVSS: MEDIUM (5.3)

EPSS Score: 0.18%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-25208

Description: Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.

CVSS: MEDIUM (5.4)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-25120

Description: TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.

CVSS: MEDIUM (4.3)

EPSS Score: 0.14%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-24884

Description: Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2.

CVSS: MEDIUM (4.3)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-24855

Description: A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

CVSS: MEDIUM (5.0)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-23447

Description: An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive, it is visible to the user in search applications.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-22464

Description: Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contains an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with the privileges of the compromised account.

CVSS: MEDIUM (6.2)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-21984

Description: StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult-to-exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploitation requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.

CVSS: MEDIUM (5.9)

EPSS Score: 0.16%

SSVC Exploitation: none

Source: CVE
April 24th, 2025 (2 months ago)

CVE-2024-21494

Description: All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

SSVC Exploitation: poc

Source: CVE
April 24th, 2025 (2 months ago)