CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-2175
libzvbi _vbi_strndup_iconv integer overflow
Description: A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. Eine problematische Schwachstelle wurde in libzvbi bis 0.2.43 ausgemacht. Hierbei geht es um die Funktion _vbi_strndup_iconv. Durch Manipulation mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-2174
libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow
Description: A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. In libzvbi bis 0.2.43 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um die Funktion vbi_strndup_iconv_ucs2 der Datei src/conv.c. Durch die Manipulation des Arguments src_length mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu lösen. Der Patch wird als ca1672134b3e2962cd392212c73f44f8f4cb489f bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

CVSS: MEDIUM (6.9)

EPSS Score: 0.1%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-2173
libzvbi conv.c vbi_strndup_iconv_ucs2 uninitialized pointer
Description: A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. Es wurde eine problematische Schwachstelle in libzvbi bis 0.2.43 ausgemacht. Es geht dabei um die Funktion vbi_strndup_iconv_ucs2 der Datei src/conv.c. Mit der Manipulation des Arguments src_length mit unbekannten Daten kann eine uninitialized pointer-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 0.2.44 vermag dieses Problem zu lösen. Der Patch wird als 8def647eea27f7fd7ad33ff79c2d6d3e39948dce bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

CVSS: MEDIUM (6.9)

EPSS Score: 0.07%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2025-0629
Coronavirus (COVID-19) Notice Message <= 1.1.2 - Admin+ Stored XSS
Description: The Coronavirus (COVID-19) Notice Message WordPress plugin through 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-13864
Countdown Timer <= 1.0 - Reflected XSS
Description: The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-13862
S3Bubble Media Streaming <= 8.0 - Reflected XSS
Description: The S3Bubble Media Streaming (AWS|Elementor|YouTube|Vimeo Functionality) WordPress plugin through 8.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-13853
SEO Tools <= 4.0.7 - Reflected XSS
Description: The SEO Tools WordPress plugin through 4.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS Score: 1.93%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-13836
WP Login Control <= 2.0.0 - Reflected XSS
Description: The WP Login Control WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-13615
Social Media Plugin by Social Snap <= 1.3.6 - Admin+ Stored XSS
Description: The Social Share Buttons, Social Sharing Icons, Click to Tweet — Social Media Plugin by Social Snap WordPress plugin through 1.3.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (4 months ago)

CVE-2024-13580
XV Random Quotes <= 1.40 - Settings Reset via CSRF
Description: The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

EPSS Score: 0.03%

Source: CVE
March 11th, 2025 (4 months ago)