CVE CyberSecurity Database News

Jan 15, 2025 Exploit

CVE-2025-23013 - Local Privilege Escalation in Yubico pam-u2f Before 1.3.1

In Yubico pam-u2f before 1.3.1, there is a vulnerability that can lead to local privilege escalation. Yubico pam-u2f is a Pluggable Authentication Module

Jan 14, 2025 Exploit WebSocket

CVE-2024-55591: Authentication Bypass Vulnerability in FortiOS and FortiProxy Leads to Super-Admin Privileges

A critical security vulnerability has recently been discovered, dubbed CVE-2024-55591, that affects FortiOS version 7.. through 7..16 and FortiProxy version 7.. through 7..19

Jan 9, 2025 Microsoft Exploit

CVE-2025-21385: Server-Side Request Forgery (SSRF) Vulnerability Discovered in Microsoft Purview - Exploit Details and Mitigation Steps

Microsoft Purview, an essential and widely-used data governance service for managing and securing enterprise information, has been identified to have an SSRF (Server-Side Request Forgery)

Jan 9, 2025 Exploit

CVE-2024-55225 - Vaultwarden User Impersonation Vulnerability: How Attackers Can Exploit the src/api/identity.rs Component

A critical vulnerability, identified as CVE-2024-55225, has been recently discovered in Vaultwarden, an open-source password manager. The issue impacts the component src/api/identity.rs,

Jan 9, 2025

CVE-2024-13041: Critical External Groups Configuration Issue in GitLab CE/EE Allows Unauthorized Access to Internal Projects and Groups

A security vulnerability has been discovered in GitLab CE/EE, affecting all versions starting from 16.4 to 17.5.5, starting from 17.6