CVE-2025-1682

Title (es)
CVE-2025-1682

Fri, 28/02/2025 – 00:15

Type
CWE-862

Severity 2.0 (text)
Pending analysis

Title (en)

CVE-2025-1682

Description (en)
The Cardealer theme for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.4 due to a missing capability check on the 'save_settings' function. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify the default user role.

28/02/2025

28/02/2025

CVSS 3.1 vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity 3.1 (CVSS 3.1 Base Score)
8.80

Severity 3.1 (text)
HIGH

References


  • https://themeforest.net/item/car-dealer-automotive-wordpress-theme-responsive/8574708

  • https://webtemplatemasters.com/cardealer/changelog/#v165

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/4e337281-f05e-486c-9491-161365af252a?source=cve

    CVE-2025-26264

    Title (es)
    CVE-2025-26264

    Thu, 27/02/2025 – 22:15

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-26264

    Description (en)
    GeoVision GV-ASWeb, version 6.1.2.0 or earlier, contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server, leading to a full system compromise.

    27/02/2025

    27/02/2025

    Severity 3.1 (text)
    Pending analysis

    References


  • https://github.com/DRAGOWN/CVE-2025-26264

    CVE-2025-25730

    Title (es)
    CVE-2025-25730

    Thu, 27/02/2025 – 22:15

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-25730

    Description (en)
    An issue in Motorola Mobility Droid Razr HD (Model XT926) System Version: 9.18.94.XT926.Verizon.en.US allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself.

    27/02/2025

    27/02/2025

    Severity 3.1 (text)
    Pending analysis

    References

  • CVE-2025-25730 Developer Options and USB Debugging Authorization Bypass in Motorola Droid Razr HD (XT926)



    CVE-2025-25570

    Title (es)
    CVE-2025-25570

    Thu, 27/02/2025 – 22:15

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-25570

    Description (en)
    Vue Vben Admin 2.10.1 allows unauthorized login to the backend due to an issue with hardcoded credentials.

    27/02/2025

    27/02/2025

    Severity 3.1 (text)
    Pending analysis

    References


  • https://github.com/Hackerhan/Vben-Admin

    CVE-2024-38292

    Title (es)
    CVE-2024-38292

    Thu, 27/02/2025 – 22:15

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2024-38292

    Description (en)
    In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation.

    27/02/2025

    27/02/2025

    Severity 3.1 (text)
    Pending analysis

    References


  • https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362

    CVE-2025-24832

    Title (es)
    CVE-2025-24832

    Thu, 27/02/2025 – 23:15

    Type
    CWE-61

    Severity 2.0 (text)
    Pending analysis

    Title (en)

    CVE-2025-24832

    Description (en)
    Arbitrary file overwrite during home directory recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.4.866, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.7.615.

    28/02/2025

    28/02/2025

    CVSS 3.1 vector
    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

    Severity 3.1 (CVSS 3.1 Base Score)
    5.50

    Severity 3.1 (text)
    MEDIUM

    References


  • https://security-advisory.acronis.com/advisories/SEC-7649