CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Summary: A host header injection vulnerability has been identified in the user details viewing functionality of the system. This vulnerability allows an attacker to manipulate the Host header in HTTP requests, thereby gaining unauthorized access to view details of other users.
References: https://github.com/Leantime/leantime/security/advisories/GHSA-99r5-84gr-59f6 https://github.com/advisories/GHSA-99r5-84gr-59f6
Source: Github Advisory Database (Composer)
February 21st, 2025 (5 months ago)

Description: Due to improper cache control, an attacker can view sensitive information even if they are no longer logged into the account.
Additional Information:
1. The issue was identified during routine security testing.
2. This vulnerability poses a significant risk to user privacy and data security.
3. Urgent action is recommended to mitigate this vulnerability and protect user data from unauthorized access.
References: https://github.com/Leantime/leantime/security/advisories/GHSA-h6w8-27ph-c385 https://github.com/advisories/GHSA-h6w8-27ph-c385
Source: Github Advisory Database (Composer)
February 21st, 2025 (5 months ago)

Description: Summary: The vulnerability in Leantime's "overdue" section allows attackers to upload malicious image files containing XSS payloads. When other users view these files, the scripts execute, enabling attackers to steal sensitive information or perform unauthorized actions. Improving input validation and output encoding in the file upload process can prevent this exploit. Accessing and enhancing the relevant source code modules is crucial for addressing this security flaw effectively.
Impact: This XSS vulnerability allows attackers to inject malicious scripts into the Leantime application, compromising user data and session tokens, and potentially executing unauthorized actions on behalf of users. Exploitation could lead to account takeover, data theft, and unauthorized access to sensitive information, posing a significant risk to user privacy, data integrity, and system security.
References: https://github.com/Leantime/leantime/security/advisories/GHSA-52xf-h226-pfgx https://github.com/advisories/GHSA-52xf-h226-pfgx
Source: Github Advisory Database (Composer)
February 21st, 2025 (5 months ago)

Description: Summary: A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not include any validation or sanitization of the `$_GET["id"]` parameter. As a result, it directly incorporates the user-supplied value into the source path without any checks.
References: https://github.com/Leantime/leantime/security/advisories/GHSA-v4q9-437p-mhpg https://github.com/advisories/GHSA-v4q9-437p-mhpg
Source: Github Advisory Database (Composer)
February 21st, 2025 (5 months ago)

Description: CSRF. Summary: A cross-site request forgery vulnerability allows a remote actor to create an account with Owner privileges. By luring an Owner or Administrator into clicking a button on an attacker-controlled website, a request will be issued, generating an account with the attacker's information and a role of their choosing.
Impact: While the likelihood of a successful exploit is low, the impact would be high, as the attacker could then gain complete control over the victim's environment.
References: https://github.com/Leantime/leantime/security/advisories/GHSA-92xh-6x7v-4rmq https://github.com/advisories/GHSA-92xh-6x7v-4rmq
Source: Github Advisory Database (Composer)
February 21st, 2025 (5 months ago)

Description: Leantime allows stored cross-site scripting (XSS) in the API key name while generating the API key.
Impact: Any low-privileged user, such as a manager or editor, can create an API key with an XSS payload. When the admin visits the Company page, the XSS is automatically triggered, leading to unauthorized actions performed from the ADMIN account, such as removing any user, adding someone else with high privileges, and many more.
References: https://github.com/Leantime/leantime/security/advisories/GHSA-c39w-3pjx-qc7m https://github.com/advisories/GHSA-c39w-3pjx-qc7m
Source: Github Advisory Database (Composer)
February 21st, 2025 (5 months ago)

Description: A Threat Actor Claims to be Selling Shell Access to an Unidentified Magento Store in France
Source: DarkWebInformer
February 21st, 2025 (5 months ago)

CVE-2025-27109

Description: solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.3)

EPSS Score: 0.06%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-27108

Description: dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of JavaScript's `.replace()` opens up to potential Cross-site Scripting (XSS) vulnerabilities with the special replacement patterns beginning with `$`. Particularly, when the attributes of the `Meta` tag from solid-meta are user-defined, attackers can utilise the special replacement patterns, either `$'` or `` $` ``, to achieve XSS. The solid-meta package has this issue since it uses `useAffect` and context providers, which inject the used assets into the HTML header. "dom-expressions" uses `.replace()` to insert the assets, which is vulnerable to the special replacement patterns listed above. This effectively means that if the attributes of an asset tag contained user-controlled data, it would be vulnerable to XSS. For instance, there might be meta tags for the Open Graph protocol in a user profile page, but if attackers set the user query to some payload abusing `.replace()`, then they could execute arbitrary JavaScript in the victim's web browser. Moreover, it could be stored and cause more problems. This issue has been addressed in version 0.39.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-27106

Description: binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Authenticated users of binance-trading-bot can achieve Remote Code Execution on the host system due to a command injection vulnerability in the `/restore` endpoint. The restore endpoint of binance-trading-bot is vulnerable to command injection via the `/restore` endpoint. The name of the uploaded file is passed to shell.exec without sanitization other than path normalization, resulting in Remote Code Execution. This may allow any authorized user to execute code in the context of the host machine. This issue has been addressed in version 0.0.100 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.7)

EPSS Score: 0.41%

Source: CVE
February 21st, 2025 (5 months ago)