CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-24590

Description: Missing Authorization vulnerability in Haptiq picu – Online Photo Proofing Gallery allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects picu – Online Photo Proofing Gallery: from n/a through 2.4.0.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24584

Description: Missing Authorization vulnerability in BdThemes Ultimate Store Kit Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.3.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24540

Description: Cross-Site Request Forgery (CSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd allows Cross Site Request Forgery. This issue affects Coming Soon Page, Under Construction & Maintenance Mode by SeedProd: from n/a through 6.18.9.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24538

Description: Cross-Site Request Forgery (CSRF) vulnerability in slaFFik BuddyPress Groups Extras allows Cross Site Request Forgery. This issue affects BuddyPress Groups Extras: from n/a through 3.6.10.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24537

Description: Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24533

Description: Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24390

Description: A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24389

Description: Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected

CVSS: MEDIUM (6.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24369

Description: Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.

CVSS: LOW (2.3)

EPSS Score: 0.05%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24368

Description: Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)