Threat and Vulnerability Intelligence Database

CVE-2025-1682

Description: The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-1681

Description: The Cardealer theme for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check and missing filename sanitization on the demo theme scheme AJAX functions in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to change or delete arbitrary CSS and JS files.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2024-12811

Description: The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_slider' shortcode 'style' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP file types can be uploaded and included.

CVSS: HIGH (8.8)

EPSS Score: 0.1%

Source: CVE
February 28th, 2025 (4 months ago)

Description: Threat Attack Daily - February 27th, 2025

Source: DarkWebInformer
February 28th, 2025 (4 months ago)

CVE-2024-37567

Description: Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.

EPSS Score: 0.04%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-37566

Description: Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.

EPSS Score: 0.06%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-36047

Description: Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.

EPSS Score: 0.08%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-36046

Description: Infoblox NIOS through 8.6.4 executes with more privileges than required.

EPSS Score: 0.06%

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-34015

Description: Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.

CVSS: LOW (3.3)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
February 27th, 2025 (4 months ago)

CVE-2024-34014

Description: Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
February 27th, 2025 (4 months ago)