Threat and Vulnerability Intelligence Database

CVE-2025-5053

Description: A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. It affects some unknown functionality of the MDIR Command Handler component. Manipulation with unknown input leads to a buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.04%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-5052

Description: A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. It affects an unknown functionality of the LS Command Handler component. Manipulation with unknown input leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-45753

Description: A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.

CVSS: HIGH (7.2)

EPSS Score: 0.06%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-48201

Description: The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. This allows an unauthenticated remote user to download created backups and configuration files.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-48201
https://github.com/nitsan-technologies/ns_backup/commit/67b8102a19e8e516dc4228f5c42f9e4fba5046cb
https://github.com/FriendsOfPHP/security-advisories/blob/master/nitsan/ns-backup/CVE-2025-48201.yaml
https://typo3.org/security/advisory/typo3-ext-sa-2025-007
https://github.com/advisories/GHSA-hq4f-5qjv-fwrg

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: GitHub Advisory Database (Composer)
May 21st, 2025 (25 days ago)

CVE-2025-5049

Description: A vulnerability was found in FreeFloat FTP Server 1.0 and has been declared critical. It affects unknown code of the APPEND Command Handler component. Manipulation with unknown input leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-3751

Description: The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL injection attack. This could lead to unauthorised access to the database and exposure of sensitive information.

CVSS: HIGH (7.0)

EPSS Score: 0.03%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-2261

Description: Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within the user's browser under the privileges of the web application.

CVSS: HIGH (7.0)

EPSS Score: 0.05%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-48207

Description: Insecure Direct Object Reference in the reint_downloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction.

References:
https://github.com/Kephson/reint_downloadmanager/commit/99b07497f5842a59e934583283e1b5a477ce79a9
https://github.com/FriendsOfPHP/security-advisories/blob/master/renolit/reint-downloadmanager/CVE-2025-48207.yaml
https://typo3.org/security/advisory/typo3-ext-sa-2025-004
https://github.com/advisories/GHSA-jjwh-4x89-7f5w

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: GitHub Advisory Database (Composer)
May 21st, 2025 (25 days ago)

CVE-2025-5032

Description: A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. It affects an unknown function of the file /admin/edit-category.php. Manipulation of the argument Category with unknown input leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
May 21st, 2025 (25 days ago)

CVE-2025-48060

Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. The crash happens in file jv.c, line 1456 `void* p = malloc(sz);`. As of the time of publication, no patched versions are available.

CVSS: HIGH (7.7)

EPSS Score: 0.06%

Source: CVE
May 21st, 2025 (25 days ago)