CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-31122

Description: scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to log in to any account by changing the username in the username field.

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-30223

Description: Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-30004

Description: Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35.

CVSS: CRITICAL (9.1)

EPSS Score: 0.23%

Source: CVE
March 31st, 2025 (2 months ago)

Description: CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI

CVSS: CRITICAL (10.0)

EPSS Score: 1.05%

Source: DarkWebInformer
March 31st, 2025 (2 months ago)

CVE-2025-29266

Description: Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

CVSS: CRITICAL (9.6)

EPSS Score: 0.12%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-3022

Description: OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint.

CVSS: CRITICAL (9.3)

EPSS Score: 0.69%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-2071

Description: A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".

CVSS: CRITICAL (10.0)

EPSS Score: 1.05%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-26689

Description: A direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.

CVSS: CRITICAL (9.8)

EPSS Score: 0.25%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-25211

Description: A weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
March 31st, 2025 (2 months ago)

CVE-2025-3011

Description: SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

CVSS: CRITICAL (9.8)

EPSS Score: 0.11%

Source: CVE
March 31st, 2025 (2 months ago)