CVE-2025-24337

WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.

This Cyber News was published on www.tenable.com. Publication date: Mon, 20 Jan 2025 17:31:02 +0000

Cyber News related to CVE-2025-24337

CVE-2025-24337 - WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. ...
9 hours ago Tenable.com

CVE-2020-24337 - An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses ...
4 years ago

CVE-2021-24337 - The id GET parameter of one of the Video Embed WordPress plugin through 1.0's page (available via forced browsing) is not sanitised, validated or escaped before being used in a SQL statement, allowing low privilege users, such as subscribers, to ...
3 years ago

CVE-2022-24337 - In JetBrains TeamCity before 2021.2, health items of pull requests were shown to users who lacked appropriate permissions. ...
2 years ago

CVE-2024-24337 - CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the ...
11 months ago

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
11 months ago Bleepingcomputer.com

CVE-2024-13162 - SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from ...
6 days ago Tenable.com

CVE-2025-0246 - When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This ...
1 week ago Tenable.com

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication. A vulnerability of authentication bypass has been found in Zebra ...
1 year ago Cisa.gov

CVE-2024-13172 - Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
6 days ago Tenable.com

CVE-2024-13171 - Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
6 days ago Tenable.com

CVE-2024-13170 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
6 days ago Tenable.com

CVE-2024-13169 - An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
6 days ago Tenable.com

CVE-2024-13168 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
6 days ago Tenable.com

CVE-2024-13167 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
6 days ago Tenable.com

CVE-2024-13166 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
6 days ago Tenable.com

CVE-2024-13165 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
6 days ago Tenable.com

CVE-2024-13164 - An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
6 days ago Tenable.com

CVE-2024-13163 - Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
6 days ago Tenable.com

CVE-2024-13161 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
6 days ago Tenable.com

CVE-2024-13160 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
6 days ago Tenable.com

CVE-2024-13159 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
6 days ago Tenable.com

CVE-2024-13158 - An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. ...
6 days ago Tenable.com

CVE-2024-10811 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
6 days ago Tenable.com

CVE-2025-22146 - Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an ...
5 days ago Tenable.com

Latest Cyber News

CVE-2025-21655 - 9 hours ago
CVE-2025-24337 - 9 hours ago
CVE-2024-13176 - 9 hours ago
CVE-2023-52923 - 12 hours ago
CVE-2025-0590 - 16 hours ago
CVE-2025-0584 - 20 hours ago
CVE-2025-0585 - 20 hours ago
CVE-2025-0586 - 20 hours ago
CVE-2024-13524 - 20 hours ago
CVE-2025-0579 - 20 hours ago
CVE-2025-0581 - 20 hours ago
CVE-2025-0582 - 20 hours ago
CVE-2025-0580 - 20 hours ago
CVE-2025-0583 - 21 hours ago
CVE-2025-0578 - 21 hours ago
CVE-2025-0576 - 23 hours ago
CVE-2025-0575 - 1 day ago
CVE-2024-41783 - 1 day ago
CVE-2024-41742 - 1 day ago
CVE-2024-41743 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-0575 - 1 day ago
CVE-2025-0576 - 23 hours ago
CVE-2025-0578 - 21 hours ago
CVE-2025-0583 - 21 hours ago
CVE-2025-0580 - 20 hours ago
CVE-2024-13524 - 20 hours ago
CVE-2025-0579 - 20 hours ago
CVE-2025-0581 - 20 hours ago
CVE-2025-0582 - 20 hours ago
CVE-2025-0584 - 20 hours ago
CVE-2025-0585 - 20 hours ago
CVE-2025-0586 - 20 hours ago
CVE-2025-0590 - 16 hours ago
CVE-2023-52923 - 12 hours ago
CVE-2024-13176 - 9 hours ago
CVE-2025-21655 - 9 hours ago
CVE-2025-24337 - 9 hours ago
CVE-2024-45662 - 2 days ago
CVE-2025-0561 - 1 day ago
CVE-2025-0562 - 1 day ago