CyberSecurityBoard
Sponsor Register Login

CVE-2025-27824

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFrame field.

Publication date: Fri, 07 Mar 2025 00:00:00 +0000


Cyber News related to CVE-2025-27824

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
3 weeks ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
2 weeks ago Bleepingcomputer.com CVE-2025-0111 CVE-2025-0108 CVE-2024-9474
CVE-2025-27824 - An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must ...
1 day ago
Paragon Partition Manager Vulnerabilities Let Attackers Escalate Privilege & Trigger DoS Attacks - Here the security analysts at Carnegie Mellon University noted that the most concerning aspect of these vulnerabilities is that they can be exploited even if Paragon Partition Manager isn’t installed on the target system, through a technique ...
5 days ago Cybersecuritynews.com CVE-2025-0286
41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks - We are scanning & reporting out VMware ESXi CVE-2025-22224 vulnerable instances ("a malicious actor with local admin privileges on a virtual machine may exploit this to execute code as virtual machine's VMX process running on ...
3 days ago Cybersecuritynews.com CVE-2025-22224
CVE-2020-27824 - A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to ...
2 years ago
CVE-2022-27824 - Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file ...
2 years ago
CVE-2024-27824 - This issue was addressed by removing the vulnerable code. ...
9 months ago Tenable.com
Over 37,000 VMware ESXi servers vulnerable to ongoing attacks - The Shadowserver Foundation reports that most of the vulnerable instances are in China (4,400), followed by France (4,100), the United States (3,800), Germany (2,800), Iran (2,800), and Brazil (2,200). Bill Toulas Bill Toulas is a tech writer and ...
2 days ago Bleepingcomputer.com CVE-2025-22225
Broadcom fixes three VMware zero-days exploited in attacks - CVE-2025-22225 is an ESXi arbitrary write vulnerability that allows the VMX process to trigger arbitrary kernel writes, leading to a sandbox escape, while CVE-2025-22226 is described as an HGFS information-disclosure flaw that lets threat actors with ...
5 days ago Bleepingcomputer.com CVE-2025-22225
MediaTek Warns of Multiple Vulnerabilities that let Attackers Escalate Privileges - The UAE Cyber Security Council recommends immediate network segmentation for critical infrastructure using affected chipsets and continuous monitoring for anomalous base station associations. The March 2025 Product Security Bulletin highlights three ...
6 days ago Cybersecuritynews.com CVE-2025-20644
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. By combining these vulnerabilities, ...
2 weeks ago Cybersecuritynews.com CVE-2025-0108
Microsoft fixes bug causing Windows Server 2025 boot errors - In November, Redmond addressed another series of bugs that were triggering install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count, and one month later, a known issue causing boot failures on ...
3 weeks ago Bleepingcomputer.com
PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
3 weeks ago Bleepingcomputer.com CVE-2025-1094 CVE-2024-12356 CVE-2024-12686
CISA flags Craft CMS code injection flaw as exploited in attacks - The CVE-2025-23209 vulnerability only becomes an issue if an attacker has already obtained this security key, which opens the way to decrypt sensitive data, generate fake authentication tokens, or inject and execute malicious code remotely. The flaw ...
2 weeks ago Bleepingcomputer.com CVE-2025-23209 CVE-2025-0111 CVE-2025-0108 CVE-2024-9474
VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code - This critical flaw in VMware’s VMCI (Virtual Machine Communication Interface) allows attackers with local administrative privileges on a virtual machine to execute code on the underlying host. VMware has issued a critical security advisory ...
5 days ago Cybersecuritynews.com Black Basta CVE-2024-37085 Akira
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability - Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenConfig plugin. Tracked as CVE-2025-0110, the flaw ...
2 weeks ago Cybersecuritynews.com CVE-2025-0110 CVE-2025-0108
Windows 10 KB5052077 update fixes broken SSH connections - ​​Microsoft has released the optional KB5052077 preview cumulative update for Windows 10 22H2 with nine bug fixes and changes, including a fix for a longstanding known issue that breaks SSH connections. "Following the installation of ...
1 week ago Bleepingcomputer.com
CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the ...
2 weeks ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-0012 CVE-2024-9474
CVE-2025-0925 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: This candidate is a reservation duplicate of CVE-2025-0818. Notes: All CVE users should reference CVE-2025-0818 instead of this candidate. All ...
3 weeks ago Tenable.com
CVE-2025-0919 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: This candidate is a reservation duplicate of CVE-2025-0818. Notes: All CVE users should reference CVE-2025-0818 instead of this candidate. All ...
3 weeks ago Tenable.com
Patch Now: Palo Alto Flaw Exploited in the Wild - Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability ...
2 weeks ago Darkreading.com CVE-2025-0108 CVE-2024-9474 CVE-2025-0111
CVE-2025-25725 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-25724. Reason: This candidate is a reservation duplicate of CVE-2025-25724. Notes: All CVE users should reference CVE-2025-25724 instead of this candidate. All references and ...
1 week ago
CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits - This vulnerability, tracked as CVE-2024-48510, has a CVSS v4 score of 9.3. Siemens has released updates for SiPass Integrated and recommends users upgrade to versions V2.90.3.19 or V2.95.3.15 and later. This vulnerability, identified as ...
2 weeks ago Cybersecuritynews.com CVE-2024-48510 CVE-2025-1265 CVE-2025-0352
CVE-2025-0977 - Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. ...
1 month ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)