Description: An unpatched security flaw impacting the Edimax IC-7100 network camera has been exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024.
The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a
CVSS: CRITICAL (9.3) EPSS Score: 50.61%
March 17th, 2025 (3 months ago)
|
CVE-2025-2200 |
Description: SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 17th, 2025 (3 months ago)
|
CVE-2025-2199 |
Description: SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’, ‘searchSpecialitiesLinked’, ‘searchUsersToUpdateProfile’, ‘training_action_data’, ‘showContinuingTrainingCourses’ and ‘showUsersToEdit’ in /local/administration/ajax.php.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 17th, 2025 (3 months ago)
|
CVE-2025-2395 |
Description: The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.
CVSS: CRITICAL (9.8) EPSS Score: 0.28%
March 17th, 2025 (3 months ago)
|
CVE-2025-2345 |
Description: A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: CRITICAL (9.3) EPSS Score: 0.07%
March 16th, 2025 (3 months ago)
|
CVE-2025-26875 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.3.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 15th, 2025 (3 months ago)
|
CVE-2025-1771 |
Description: The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotel_alone_load_more_post' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.26%
March 15th, 2025 (3 months ago)
|
Description: Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-6m2c-76ff-6vrf. This link is maintained to preserve external references.
Original Description
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A Python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load() function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-2000
https://www.ibm.com/support/pages/node/7185949
https://github.com/advisories/GHSA-3pwp-2fqj-6g2p
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
March 14th, 2025 (3 months ago)
|
Description: Impact
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A Python process calling Qiskit's qiskit.qpy.load() function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.
Patches
Fixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2
References
https://github.com/Qiskit/qiskit/security/advisories/GHSA-6m2c-76ff-6vrf
https://nvd.nist.gov/vuln/detail/CVE-2025-2000
https://www.ibm.com/support/pages/node/7185949
https://github.com/advisories/GHSA-6m2c-76ff-6vrf
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
March 14th, 2025 (3 months ago)
|