CVE-2025-24537
Description: Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar allows Cross Site Request Forgery. This issue affects The Events Calendar: from n/a through 6.7.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24533
Description: Cross-Site Request Forgery (CSRF) vulnerability in Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24390
Description: A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24389
Description: Certain errors in the upstream libraries insert sensitive information into the OTRS or ((OTRS)) Community Edition log mechanism and into mails sent to the system administrator.
This issue affects:
* OTRS 7.0.X
* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* ((OTRS)) Community Edition: 6.0.x
Products based on the ((OTRS)) Community Edition are also very likely to be affected.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24369
Description: Anubis is a tool that allows administrators to protect against AI scraper bots through bot-checking heuristics and a proof-of-work challenge that discourages scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulating any nonce (such as 42069), and then passing the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value.
CVSS: LOW (2.3) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)
CVE-2025-24368
Description: Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in the build_rule_item_filter() function in lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24367
Description: Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
CVSS: HIGH (8.7) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24365
Description: vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker can obtain owner rights to another organization. To attack, the attacker must know the ID of the victim organization (in a realistic case the attacker can be a member of that organization as an unprivileged user) and be the owner/admin of another organization (by default any user can create their own organization). This vulnerability is fixed in 1.33.0.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24364
Description: vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. An attacker with authenticated access to the vaultwarden admin panel can execute arbitrary code on the system. The attacker could change the settings to use sendmail as the mail agent, but adjust them in such a way that a shell command would be used instead. This also required crafting a special favicon image with the commands embedded, which would then run during, for example, sending a test email. This vulnerability is fixed in 1.33.0.
CVSS: HIGH (7.2) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
CVE-2025-24357
Description: vLLM is a library for LLM inference and serving. vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It uses the torch.load function, whose weights_only parameter defaults to False. When torch.load loads malicious pickle data, it executes arbitrary code during unpickling. This vulnerability is fixed in v0.7.0.
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 28th, 2025 (5 months ago)