CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Description: Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read and code execution. Of the 30 flaws in the product, 11 are rated Critical in severity - CVE-2025-24446 (CVSS score: 9.1) - An improper input validation vulnerability that could result in an

CVSS: CRITICAL (9.1)

EPSS Score: 1.25%

Source: TheHackerNews
April 9th, 2025 (2 months ago)

CVE-2025-30282
ColdFusion | Improper Authentication (CWE-287)
Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application.

CVSS: CRITICAL (9.1)

EPSS Score: 0.34%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-30281
ColdFusion | Improper Access Control (CWE-284)
Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.

CVSS: CRITICAL (9.1)

EPSS Score: 0.21%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-24447
ColdFusion | Deserialization of Untrusted Data (CWE-502)
Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: CRITICAL (9.1)

EPSS Score: 4.41%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2025-24446
ColdFusion | Improper Input Validation (CWE-20)
Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: CRITICAL (9.1)

EPSS Score: 1.25%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2024-30224
WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability
Description: Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2.

CVSS: CRITICAL (10.0)

EPSS Score: 0.77%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2024-29100
WordPress AI Engine plugin <= 2.1.4 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

CVSS: CRITICAL (9.1)

EPSS Score: 0.08%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (2 months ago)

CVE-2024-2890
WordPress Tumult Hype Animations plugin <= 1.9.12 - Arbitrary File Upload vulnerability
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.

CVSS: CRITICAL (9.1)

EPSS Score: 0.34%

SSVC Exploitation: poc

Source: CVE
April 8th, 2025 (2 months ago)
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Description: Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability [CWE-620] in FortiSwitch GUI may allow a remote unauthenticated attacker to modify

CVSS: CRITICAL (9.3)

EPSS Score: 0.07%

Source: TheHackerNews
April 8th, 2025 (2 months ago)

CVE-2025-32028
HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution
Description: HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks ’.php’, ’.sh’, ’.js’, and ’.css’ files. The existing logic causes the system to "fail open" rather than "fail closed." This vulnerability is fixed in 10.0.3.

CVSS: CRITICAL (10.0)

EPSS Score: 0.05%

Source: CVE
April 8th, 2025 (2 months ago)