CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-21612
Cross-site Scripting in TabberTransclude in Extension:TabberNeue
Description: TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.

CVSS: HIGH (8.6)

EPSS Score: 0.05%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21611
tgstation-server's role authorization incorrectly OR'd with user's enabled status
Description: tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2025-21604
LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts
Description: LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-8474
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which...
Description: OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-8403
Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module
Description: Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-8066
File Manager Pro – Filester <= 1.8.6- Authenticated (Subscriber+) Arbitrary File Upload
Description: The File Manager Pro – Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-56828
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint...
Description: File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks.

EPSS Score: 0.05%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-56769
media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
Description: In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 ... Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 ...

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-56768
bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP
Description: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavailable: [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c [ 8.471849] #PF: supervisor read access in kernel mode [ 8.471881] #PF: error_code(0x0000) - not-present page Fix by inlining a return 0 in the !CONFIG_SMP case.

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)

CVE-2024-56767
dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
Description: In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this.

EPSS Score: 0.04%

Source: CVE
January 7th, 2025 (6 months ago)