CVE-2025-26873 |
Description: Deserialization of Untrusted Data vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8.
CVSS: CRITICAL (9.0) EPSS Score: 0.05%
March 27th, 2025 (3 months ago)
|
CVE-2024-29855 |
Description: Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVSS: CRITICAL (9.0) EPSS Score: 17.79% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-4009 |
Description: Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows an attacker to capture/replay KNX telegrams to the local KNX Bus-System
CVSS: CRITICAL (9.2) EPSS Score: 0.03% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-22252 |
Description: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.
CVSS: CRITICAL (9.3) EPSS Score: 0.32% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2025-30367 |
Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.2.6 contains a fix for the issue.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
March 27th, 2025 (3 months ago)
|
CVE-2025-30365 |
Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. Version 3.2.8 fixes the issue.
CVSS: CRITICAL (9.4) EPSS Score: 0.05%
March 27th, 2025 (3 months ago)
|
CVE-2025-30364 |
Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromise the confidentiality, integrity, and availability of stored data. Version 3.2.8 fixes the issue.
CVSS: CRITICAL (10.0) EPSS Score: 0.06%
March 27th, 2025 (3 months ago)
|
CVE-2025-30361 |
Description: WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue.
CVSS: CRITICAL (9.3) EPSS Score: 0.06%
March 27th, 2025 (3 months ago)
|
CVE-2024-21181 |
Description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS: CRITICAL (9.8) EPSS Score: 0.57% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2025-26909 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion. This issue affects Hide My WP Ghost: from n/a through 5.4.01.
CVSS: CRITICAL (9.6) EPSS Score: 0.11%
March 27th, 2025 (3 months ago)
|