Threat and Vulnerability Intelligence Database

CVE-2025-40621

Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. For this vulnerability identifier, the affected parameter is the ‘User’ parameter of the ‘ValidateUserAndGetData’ endpoint.

CVSS: CRITICAL (9.3)

EPSS Score: 0.09%

Source: CVE
May 6th, 2025 (about 1 month ago)

CVE-2025-40620

Description: SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. For this vulnerability identifier, the affected parameter is the ‘User’ parameter of the ‘ValidateUserAndWS’ endpoint.

CVSS: CRITICAL (9.3)

EPSS Score: 0.09%

Source: CVE
May 6th, 2025 (about 1 month ago)

🚨 Marked as known exploited on May 6th, 2025 (about 1 month ago).

Description: A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing

CVSS: CRITICAL (9.8)

EPSS Score: 90.92%

Source: TheHackerNews
May 6th, 2025 (about 1 month ago)

CVE-2025-44074

Description: SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 1 month ago)

CVE-2025-44072

Description: SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 1 month ago)

CVE-2025-44071

Description: SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.

CVSS: CRITICAL (9.8)

EPSS Score: 0.36%

Source: CVE
May 5th, 2025 (about 1 month ago)

CVE-2025-45616

Description: Incorrect access control in the /admin/** API of brcc v1.2.0 allows attackers to gain access to Admin rights via a crafted request.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
May 5th, 2025 (about 1 month ago)

CVE-2025-45615

Description: Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request.

CVSS: CRITICAL (9.8)

EPSS Score: 0.1%

Source: CVE
May 5th, 2025 (about 1 month ago)

CVE-2025-45612

Description: Incorrect access control in xmall v1.1 allows attackers to bypass authentication via a crafted GET request to /index.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
May 5th, 2025 (about 1 month ago)

CVE-2025-45611

Description: Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request.

CVSS: CRITICAL (9.8)

EPSS Score: 0.07%

Source: CVE
May 5th, 2025 (about 1 month ago)