Whalers Blog

CVE ID : CVE-2025-22402 Published : Feb. 7, 2025, 3:15 a.m. | 2 hours, 27 minutes ago Description : Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information…

CVE ID : CVE-2025-1086 Published : Feb. 7, 2025, 2:15 a.m. | 3 hours, 26 minutes ago Description : A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: ‘../filedir’. The attack can be initiated remotely.…

CVE ID : CVE-2025-1061 Published : Feb. 7, 2025, 2:15 a.m. | 1 hour, 50 minutes ago Description : The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through…

CVE ID : CVE-2025-0674 Published : Feb. 7, 2025, 12:15 a.m. | 3 hours, 50 minutes ago Description : Multiple Elber products are affected by an authentication bypass vulnerability which allows unauthorized access to the password management functionality. Attackers can exploit this issue by manipulating the endpoint to overwrite any user’s password within the system. This grants…

CVE ID : CVE-2025-21408 Published : Feb. 6, 2025, 11:15 p.m. | 4 hours, 50 minutes ago Description : Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source

CVE ID : CVE-2025-21342 Published : Feb. 6, 2025, 11:15 p.m. | 4 hours, 50 minutes ago Description : Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source

CVE ID : CVE-2025-21177 Published : Feb. 6, 2025, 11:15 p.m. | 4 hours, 50 minutes ago Description : Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. Severity: 8.7 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more……

CVE ID : CVE-2024-47258 Published : Feb. 6, 2025, 8:15 p.m. | 7 hours, 50 minutes ago Description : 2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. Severity: 8.1 | HIGH Visit the link for more details, such…

CISA KEV Catalog Update Part III- February 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding five new vulnerabilities that are actively being exploited in … Read more Published Date: Feb 07, 2025 (3 hours, 5 minutes ago) Vulnerabilities has been mentioned in this article. Go to Source