CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: A Threat Actor Claims to be Selling a 0-day Shell Uploader Targeting Magento
Source: DarkWebInformer
February 16th, 2025 (5 months ago)
Description: In mid-2019, the e-commerce website Storenvy suffered a data breach that exposed millions of customer records. A portion of the breached records were subsequently posted to a hacking forum with cracked password hashes, whilst the entire corpus of 23M rows was put up for sale. The data contained 11M unique email addresses alongside usernames, IP addresses, the user's city, gender, date of birth and original salted SHA-1 password hash.
Source: HaveIBeenPwnedLatestBreaches
February 16th, 2025 (5 months ago)

CVE-2025-0995

Description: Nessus Plugin ID 216353 with High Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d83e49a948 advisory. Update to 133.0.6943.98: CVE-2025-0995: Use after free in V8; CVE-2025-0996: Inappropriate implementation in Browser UI; CVE-2025-0997: Use after free in Navigation; CVE-2025-0998: Out of bounds memory access in V8. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected chromium package. Read more at https://www.tenable.com/plugins/nessus/216353

EPSS Score: 0.04%

Source: Tenable Plugins
February 16th, 2025 (5 months ago)

CVE-2025-0995

Description: Nessus Plugin ID 216354 with High Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a87a6cd2a7 advisory. Update to 133.0.6943.98: CVE-2025-0995: Use after free in V8; CVE-2025-0996: Inappropriate implementation in Browser UI; CVE-2025-0997: Use after free in Navigation; CVE-2025-0998: Out of bounds memory access in V8. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected chromium package. Read more at https://www.tenable.com/plugins/nessus/216354

EPSS Score: 0.04%

Source: Tenable Plugins
February 16th, 2025 (5 months ago)

CVE-2024-54756

Description: Posted by Gabriel Valachi via Fulldisclosure on Feb 15. In GZDoom 4.13.1 and below, there is a vulnerability involving array sizes in ZScript, the game engine's primary scripting language. It is possible to dynamically allocate an array of 1073741823 dwords, permitting access to the rest of the heap from the start of the array and causing a second array declared in the same function to overlap with this huge array. The result is an exploit chain that allows arbitrary code execution through a...

EPSS Score: 0.1%

Source: Full Disclosure Mailinglist
February 16th, 2025 (5 months ago)

CVE-2025-26793

Description: The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password."

CVSS: CRITICAL (10.0)

EPSS Score: 0.07%

Source: CVE
February 16th, 2025 (5 months ago)

CVE-2025-22209

Description: A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature.

EPSS Score: 0.04%

Source: CVE
February 16th, 2025 (5 months ago)

CVE-2025-22208

Description: A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'filter_email' parameter in the GDPR Erase Data Request search feature.

EPSS Score: 0.04%

Source: CVE
February 16th, 2025 (5 months ago)

CVE-2025-1302

Description: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for [CVE-2024-21534](https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884).

CVSS: CRITICAL (9.3)

EPSS Score: 0.05%

Source: CVE
February 16th, 2025 (5 months ago)

CVE-2025-1005

Description: The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Accordion widget in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
February 16th, 2025 (5 months ago)