CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27610 |
Description: Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, `Rack::Static` can serve files under the specified `root:` even if `urls:` are provided, which may expose other files under the specified `root:` unexpectedly. The vulnerability occurs because `Rack::Static` does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. By exploiting this vulnerability, an attacker can gain access to all files under the specified `root:` directory, provided they are able to determine then path of the file. Versions 2.2.13, 3.0.14, and 3.1.12 contain a patch for the issue. Other mitigations include removing usage of `Rack::Static`, or ensuring that `root:` points at a directory path which only contains files which should be accessed publicly. It is likely that a CDN or similar static file server would also mitigate the issue.
CVSS: HIGH (7.5) EPSS Score: 0.07%
March 10th, 2025 (4 months ago)
|
|
Description: Summary
Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly.
Details
The vulnerability occurs because Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory.
Impact
By exploiting this vulnerability, an attacker can gain access to all files under the specified root: directory, provided they are able to determine then path of the file.
Mitigation
Update to the latest version of Rack, or
Remove usage of Rack::Static, or
Ensure that root: points at a directory path which only contains files which should be accessed publicly.
It is likely that a CDN or similar static file server would also mitigate the issue.
References
https://github.com/rack/rack/security/advisories/GHSA-7wqh-767x-r66v
https://github.com/rack/rack/commit/50caab74fa01ee8f5dbdee7bb2782126d20c6583
https://github.com/advisories/GHSA-7wqh-767x-r66v
March 10th, 2025 (4 months ago)
|
|
Description: Nick's Chili Parlor Database Allegedly Leaked Online, Over 2,300 User Records Exposed
March 10th, 2025 (4 months ago)
|
|
|
Description: Impact
Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit.
Any user with access to the CI instance and the linked source control manager can perform the exploit.
Method
By spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository.
These secrets could be exfiltrated by follow up builds to the repository.
Patches
v0.26.3 — Image: target/vela-server:v0.26.3
v0.25.3 — Image: target/vela-server:v0.25.3
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
There are no workarounds to the issue.
References
Are there any links users can visit to find out more?
Please see linked CWEs (common weakness enumerators) for more information.
References
https://github.com/go-vela/server/security/advisories/GHSA-9m63-33q3-xq5x
https://nvd.nist.gov/vuln/detail/CVE-2025-27616
https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5
https://github.com/go-vela/server/commit/67c1892e2464dc54b8d2588815dfb7819222500b
https://github.com/go-vela/server/releases/tag/v0.25.3
https://github.com/go-vela/server/releases/tag/v0.26.3
https://github.com/advisories/GHSA-9m63-33q3-xq5x
CVSS: HIGH (8.6) EPSS Score: 0.03%
March 10th, 2025 (4 months ago)
|
|
|
Description: Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function.The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N. Versions below 9 are not affected. Thanks, Alfin Joseph for reporting.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-0660
https://github.com/concretecms/bedrock/pull/370
https://github.com/concretecms/concretecms/pull/12454
https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes
https://github.com/advisories/GHSA-pvmx-mjmh-jfcx
CVSS: MEDIUM (4.8) EPSS Score: 0.18%
March 10th, 2025 (4 months ago)
|
|
March 10th, 2025 (4 months ago)
|
|
Description: This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
March 10th, 2025 (4 months ago)
|
|
CVE-2025-27910 |
Description: tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.
EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
|
CVE-2025-25908 |
Description: A stored cross-site scripting (XSS) vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save.
EPSS Score: 0.03%
March 10th, 2025 (4 months ago)
|
|
CVE-2025-25907 |
Description: tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/save. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.
EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|