CVE-2024-45338 |
Description:
Nessus Plugin ID 214992 with Medium Severity
Synopsis
The remote Fedora host is missing one or more security updates.
Description
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-93d6242840 advisory.
Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected yq package.
Read more at https://www.tenable.com/plugins/nessus/214992
February 5th, 2025 (5 months ago)
|
CVE-2024-45195 |
Description: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The list of vulnerabilities is as follows -
CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized
EPSS Score: 75.58%
February 5th, 2025 (5 months ago)
|
Description: Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities.
February 5th, 2025 (5 months ago)
|
CVE-2025-24860 |
Description: Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer.
Users with restricted data center access can update their own permissions via data control language (DCL) statements on affected versions.
This issue affects Apache Cassandra: from 4.0.0 through 4.0.15 and from 4.1.0 through 4.1.7 for CassandraNetworkAuthorizer, and from 5.0.0 through 5.0.2 for both CassandraNetworkAuthorizer and CassandraCIDRAuthorizer.
Operators using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer on affected versions should review data access rules for potential breaches. Users are recommended to upgrade to versions 4.0.16, 4.1.8, 5.0.3, which fix the issue.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-23015 |
Description: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches.
This issue affects Apache Cassandra through 3.0.30, 3.11.17, 4.0.15, 4.1.7, 5.0.2.
Users are recommended to upgrade to versions 3.0.31, 3.11.18, 4.0.16, 4.1.8, 5.0.3, which fix the issue.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-22206 |
Description: A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.2 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'fieldfor' parameter in the GDPR Field feature.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-22205 |
Description: Improper handling of input variables leads to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-22204 |
Description: Improper control of generation of code in the sourcerer extension for Joomla in versions before 11.0.0 leads to a remote code execution vulnerability.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-1020 |
Description: Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.
EPSS Score: 0.07%
February 5th, 2025 (5 months ago)
|
CVE-2025-1019 |
Description: The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|