CVE CyberSecurity Database News (Page 233)

Feb 18, 2025 Windows Exploit

CVE-2025-1035 - How Path Traversal in Komtera KLog Server Lets Attackers Access and Modify Files (with PoC and Fixes)

*Published: 2024-06-18* Komtera Technologies' KLog Server is a widely used log management solution. In early 2025, CVE-2025-1035 was assigned to a serious security glitch:

Feb 18, 2025 RCE Exploit Java

CVE-2025-0422 - Authenticated Remote Code Execution in "bestinformed Web" via ScriptVars

A new vulnerability tracked as CVE-2025-0422 has been discovered in the "bestinformed Web" application, exposing organizations to remote code execution (RCE). This severe

Feb 18, 2025 XSS WordPress PHP

CVE-2025-0864 - Reflected XSS Vulnerability in Active Products Tables for WooCommerce Plugin (All Versions ≤ 1..6.6) Explained

If you’re running a WordPress online store with WooCommerce, you might be using Active Products Tables for WooCommerce to display product listings. However, a

Feb 18, 2025 XSS WordPress Exploit Google

CVE-2024-13565 - Exploiting Stored XSS in Simple Map No Api WordPress Plugin (<= v1.9)

TL;DR: The Simple Map No Api plugin for WordPress, up to and including version 1.9, has a dangerous vulnerability. If you’re letting

Feb 18, 2025

CVE-2025-1390 - Libcap's PAM Module Incorrectly Recognizes Group Names, Leading to Privilege Escalation

The libcap package provides tools for configuring capabilities on Linux systems, including the powerful PAM (Pluggable Authentication Modules) engine. PAM is utilized for managing user