CVE-2025-27419 |
Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by performing aggressive spidering. The vulnerability is caused by recursive crawling of dynamically generated URLs and insufficient handling of large volumes of requests. This vulnerability is fixed in 3.2.16.
CVSS: CRITICAL (9.2) EPSS Score: 0.13%
March 3rd, 2025 (3 months ago)
|
CVE-2024-4885 |
🚨 Marked as known exploited on March 3rd, 2025 (3 months ago).
Description: In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
CVSS: CRITICAL (9.8) EPSS Score: 93.68% SSVC Exploitation: active
March 3rd, 2025 (3 months ago)
|
CVE-2024-4885 |
Description: Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 93.68%
March 3rd, 2025 (3 months ago)
|
CVE-2025-27270 |
Description: Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through 2.5.4.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 3rd, 2025 (3 months ago)
|
CVE-2025-27268 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (3 months ago)
|
CVE-2025-26988 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (3 months ago)
|
CVE-2025-26970 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0.
CVSS: CRITICAL (10.0) EPSS Score: 0.07%
March 3rd, 2025 (3 months ago)
|
CVE-2025-26535 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Bitcoin / AltCoin Payment Gateway for WooCommerce allows Blind SQL Injection. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through 1.7.6.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (3 months ago)
|
CVE-2025-25150 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing allows Blind SQL Injection. This issue affects uListing: from n/a through 2.1.6.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (3 months ago)
|
CVE-2025-1875 |
Description: A SQL injection vulnerability has been found in 101news, affecting version 1.0, through the "searchtitle" parameter in search.php.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (3 months ago)
|