March 2025

CVE-2024-11180 – “ElementsKit Elementor Addons WordPress Stored Cross-Site Scripting Vulnerability”

CVE ID: CVE-2024-11180
Published: March 29, 2025, 8:15 a.m.
Description: The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes […]

Kubernetes IngressNightmare Vulnerabilities: What You Need to Know

We would like to recognize Amit Serper, Travis Lowe, Tony Gore, Adrian Godoy, Mihai Vasilescu, Suraj Sahu, Pablo Ramos, Raj Jammalamadaka, Lacie Griffin, and Josh Grunzweig for their contributions in …
Published Date: Mar 29, 2025
Vulnerabilities have been mentioned in this

CVE-2024-55895 – IBM InfoSphere Information Server Information Disclosure Vulnerability

CVE ID: CVE-2024-55895
Published: March 29, 2025, 1:15 p.m.
Description: IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Severity: 2.7

CISA Warns of ESURGE Malware Exploiting Ivanti RCE Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure de …
Published Date: Mar 29, 2025
Vulnerabilities have been mentioned in this article: CVE-2025-0282

CVE-2023-38272 – IBM Cloud Pak System Information Disclosure

CVE ID: CVE-2023-38272
Published: March 27, 2025, 6:17 p.m.
Description: IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.
Severity:

CVE-2024-55072 – Hay-Kot Mealie Object Level Authorization Bypass

CVE ID: CVE-2024-55072
Published: March 27, 2025, 7:15 p.m.
Description: A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.
Severity: 0.0 | NA

CVE-2024-55073 – “Mealie Object Level Authorization Bypass”

CVE ID: CVE-2024-55073
Published: March 27, 2025, 7:15 p.m.
Description: A Broken Object Level Authorization vulnerability in the component /api/users/{user-id} of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household.
Severity: 0.0 | NA

CVE-2025-30093 – HTCondor Authorization Bypass Vulnerability

CVE ID: CVE-2025-30093
Published: March 27, 2025, 7:15 p.m.
Description: HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.
Severity: 0.0 | NA
