CVE-2025-24856

TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)

This Cyber News was published on www.tenable.com. Publication date: Wed, 29 Jan 2025 04:56:02 +0000

Cyber News related to CVE-2025-24856

CVE-2025-24856 - TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) ...
2 days ago Tenable.com

CVE-2021-24856 - The Shared Files WordPress plugin before 1.6.61 does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...
3 years ago

CVE-2022-24856 - FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery (SSRF) when FlyteConsole is open to the general internet. An attacker can exploit any user of a ...
2 years ago

CVE-2023-24856 - Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability ...
8 months ago

CVE-2024-24856 - The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a ...
8 months ago

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com

CVE-2021-42718 - Information Disclosure in API in Replicated Replicated Classic versions prior to 2.53.1 on all platforms allows authenticated users with Admin Console access to retrieve sensitive data, including application secrets, via accessing container ...
6 days ago Tenable.com

CVE-2024-13162 - SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from ...
2 weeks ago Tenable.com

CVE-2025-0246 - When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This ...
3 weeks ago Tenable.com

CVE-2024-13172 - Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
2 weeks ago Tenable.com

CVE-2024-13171 - Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
2 weeks ago Tenable.com

CVE-2024-13170 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
2 weeks ago Tenable.com

CVE-2024-13169 - An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
2 weeks ago Tenable.com

CVE-2024-13168 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
2 weeks ago Tenable.com

CVE-2024-13167 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
2 weeks ago Tenable.com

CVE-2024-13166 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
2 weeks ago Tenable.com

CVE-2024-13165 - An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. ...
2 weeks ago Tenable.com

CVE-2024-13164 - An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. ...
2 weeks ago Tenable.com

Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication. A vulnerability of authentication bypass has been found in Zebra ...
1 year ago Cisa.gov

CVE-2024-13163 - Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. ...
2 weeks ago Tenable.com

CVE-2024-13161 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
2 weeks ago Tenable.com

CVE-2024-13160 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
2 weeks ago Tenable.com

CVE-2024-13159 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
2 weeks ago Tenable.com

CVE-2024-13158 - An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. ...
2 weeks ago Tenable.com

CVE-2024-10811 - Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. ...
2 weeks ago Tenable.com

Latest Cyber News

CVE-2024-40890 - 4 hours ago
CVE-2024-40891 - 4 hours ago
CVE-2025-0847 - 5 hours ago
CVE-2025-0848 - 5 hours ago
CVE-2025-0849 - 5 hours ago
CVE-2025-0846 - 6 hours ago
CVE-2025-0844 - 7 hours ago
CVE-2025-21415 - 8 hours ago
CVE-2025-21396 - 8 hours ago
CVE-2025-0843 - 8 hours ago
CVE-2024-57665 - 8 hours ago
CVE-2024-57513 - 9 hours ago
CVE-2025-0842 - 9 hours ago
CVE-2025-0851 - 9 hours ago
CVE-2024-48761 - 9 hours ago
CVE-2024-51182 - 9 hours ago
CVE-2024-54851 - 9 hours ago
CVE-2024-54852 - 9 hours ago
CVE-2024-57395 - 9 hours ago
CVE-2024-57509 - 9 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-24099 - 1 day ago
CVE-2024-12749 - 1 day ago
CVE-2024-13696 - 23 hours ago
CVE-2024-7695 - 23 hours ago
CVE-2024-57965 - 22 hours ago
CVE-2021-3978 - 21 hours ago
CVE-2025-0617 - 20 hours ago
CVE-2024-13561 - 19 hours ago
CVE-2024-41140 - 19 hours ago
CVE-2024-54461 - 19 hours ago
CVE-2024-54462 - 19 hours ago
CVE-2025-0353 - 19 hours ago
CVE-2024-57436 - 16 hours ago
CVE-2024-57437 - 16 hours ago
CVE-2024-57438 - 16 hours ago
CVE-2024-57439 - 16 hours ago
CVE-2025-24374 - 15 hours ago
CVE-2025-24792 - 15 hours ago
CVE-2023-35907 - 14 hours ago
CVE-2023-37398 - 14 hours ago