CVE-2025-1864 |
Description: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers. This issue affects radare2: before <5.9.9.
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
March 3rd, 2025 (4 months ago)
|
CVE-2025-27590 |
Description: In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.
CVSS: CRITICAL (9.0) EPSS Score: 0.13%
March 3rd, 2025 (4 months ago)
|
CVE-2025-1671 |
Description: The Academist Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.6. This is due to the academist_membership_check_facebook_user() function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as any user, including site administrators.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 1st, 2025 (4 months ago)
|
CVE-2025-1638 |
Description: The Alloggio Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly validating a user's identity through the alloggio_membership_init_rest_api_facebook_login and alloggio_membership_init_rest_api_google_login functions. This makes it possible for unauthenticated attackers to log in as any user, including administrators, without knowing a password.
CVSS: CRITICAL (9.8) EPSS Score: 0.15%
March 1st, 2025 (4 months ago)
|
CVE-2025-1564 |
Description: The SetSail Membership plugin for WordPress is vulnerable to in all versions up to, and including, 1.0.3. This is due to the plugin not properly verifying a user's identity through the social login. This makes it possible for unauthenticated attackers to log in as any user, including administrators, and take over access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 1st, 2025 (4 months ago)
|
CVE-2024-12824 |
Description: The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior to updating their details like password. This makes it possible for unauthenticated attackers to change an arbitrary user's password, including administrators, and leverage that to gain access to their account.
CVSS: CRITICAL (9.8) EPSS Score: 42.85%
March 1st, 2025 (4 months ago)
|
CVE-2025-27554 |
Description: ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server (e.g., read secrets from the desktopify config.prod.json file), and consequently deploy updates to any app, via a postinstall script in package.json. No exploitation occurred.
CVSS: CRITICAL (9.9) EPSS Score: 0.25%
March 1st, 2025 (4 months ago)
|
CVE-2025-23116 |
Description: An Authentication Bypass vulnerability on UniFi Protect Application with Auto-Adopt Bridge Devices enabled could allow a malicious actor with access to UniFi Protect Cameras adjacent network to take control of UniFi Protect Cameras.
CVSS: CRITICAL (9.6) EPSS Score: 0.03%
March 1st, 2025 (4 months ago)
|
CVE-2025-23115 |
Description: A Use After Free vulnerability on UniFi Protect Cameras could allow a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras management network.
CVSS: CRITICAL (9.0) EPSS Score: 0.22%
March 1st, 2025 (4 months ago)
|
CVE-2025-0159 |
Description: CVE-2025-0159: Vulnerabilities in the GUI affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
CVSS: CRITICAL (9.1) EPSS Score: 0.11%
February 28th, 2025 (4 months ago)
|