CVE-2024-13699 Qi Addons For Elementor <= 1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cursor’ parameter in all versions up to, and including, 1.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVE-2025-24371

CVE-2025-24371 affects CometBFT’s blocksync protocol. If a peer first reports a non-existent latest height X and then a lower Y (X&gt;Y), a node may continually try to catch up and become blocked, potentially impacting availability. This is a networked, low-complexity issue with high impact on av...

CVE-2025-25064

SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. Authenticated attackers can exploit this vulnerability by manipulating a specific parameter in...

CVE-2023-29383 affecting package shadow-utils for versions less than 4.9-13

CVE-2023-29383 affecting package shadow-utils for versions less than 4.9-13. A patched version of the package is available...

SUSE SLES15: kernel-livepatch-5_14_21-150400_24_103-default / etc (SUSE-SU-2025:0250-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0250-1 advisory. This update for the Linux Kernel 5.14.21-15040024103 fixes one issue. The following security issue was fixed: - CVE-2024-36971: Fixed dstnegativeadvice...

SUSE-SU-2025:0251-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024111 fixes several issues. The following security issues were fixed: - CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-4895...

SUSE-SU-2025:0249-1 Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024122 fixes several issues. The following security issues were fixed: - CVE-2024-36971: Fixed dstnegativeadvice race bsc1226324. - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. - CVE-2022-4895...

CVE-2024-55931

The CVE-2024-55931 affects Xerox Workplace Suite. It discloses that tokens are stored in sessionStorage, which could be exposed if a user’s session is compromised. The vulnerability’s impact includes Confidentiality loss (per CVSS: High; I/N/A: none). Root cause is storage of tokens in session st...

PT-2025-1613

Name of the Vulnerable Software and Affected Versions Arm Cortex-A72 versions prior to r1p0 Arm Cortex-A73 affected versions not specified Arm Cortex-A75 affected versions not specified Description The issue may allow an adversary to gain a weak form of control over the victim's branch history...

CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4

CVE-2024-45338 affecting package telegraf for versions less than 1.31.0-4. A patched version of the package is available...

CVE-2025-24011

Summary: CVE-2025-24011 affects Umbraco CMS (.NET). From 14.0.0 up to, but not including, 14.3.2 and 15.1.2, an attacker can determine whether an account exists by analyzing response codes and timing of the management API. Impact: information exposure; no availability/integrity impact claimed. Ve...

CVE-2024-57933

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result i...

CVE-2024-57933 gve: guard XSK operations on the existence of queues

In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result i...

CVE-2025-23209

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution RCE vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a...

Metasploit Wrap-Up 01/17/2025

Clarity in Cleo Exploitation Last Month, Huntress reported that several Cleo products were being attacked in the wild, including Harmony, VLTrader, and LexiCom. Cleo announced CVE-2024-50623 and that these issues were patched in 5.8.0.21, but Huntress reported the vulnerability was still in those...

Gomatrixserverlib Server-Side Request Forgery (SSRF) on redirects and federation

Impact Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. Patches c4f1e01eab0dd435709ad15463ed38a079ad6128 fixes this issue. Workarounds Use a local firewall to limit the network segments and hosts the...

Matrix Media Repo (MMR) allows Server-Side Request Forgery (SSRF) on redirects and federation

Impact Matrix Media Repo MMR is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. Patches This is fixed in MMR v1.3.8. Workarounds Restricting which hosts MMR is allowed to contact via local firewall rules or a transparent...

CVE-2024-57890

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqesize cmd.wrcount", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to...

CVE-2024-57891

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix invalid irq restore in scxopsbypass While adding outer irqsave/restore locking, 0e7ffff1b811 "scx: Fix raciness in scxopsbypass" forgot to convert an inner rqunlockirqrestore to rqunlock which could re-enable IRQ...

AZL-55853 CVE-2024-57890 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqesize cmd.wrcount", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to...