CVE-2025-45753 |
Description: A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature.
CVSS: HIGH (7.2) EPSS Score: 0.06%
May 21st, 2025 (25 days ago)
|
Description: The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location. This allows an unauthenticated remote user to download created backups and configuration files.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-48201
https://github.com/nitsan-technologies/ns_backup/commit/67b8102a19e8e516dc4228f5c42f9e4fba5046cb
https://github.com/FriendsOfPHP/security-advisories/blob/master/nitsan/ns-backup/CVE-2025-48201.yaml
https://typo3.org/security/advisory/typo3-ext-sa-2025-007
https://github.com/advisories/GHSA-hq4f-5qjv-fwrg
CVSS: HIGH (8.6) EPSS Score: 0.04%
May 21st, 2025 (25 days ago)
|
CVE-2025-5049 |
Description: A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. This vulnerability affects unknown code of the component APPEND Command Handler. The manipulation leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.05%
May 21st, 2025 (25 days ago)
|
CVE-2025-3751 |
Description: The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information.
CVSS: HIGH (7.0) EPSS Score: 0.03%
May 21st, 2025 (25 days ago)
|
CVE-2025-2261 |
Description: Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within the user's browser under the privileges of the web application.
CVSS: HIGH (7.0) EPSS Score: 0.05%
May 21st, 2025 (25 days ago)
|
Description: Insecure Direct Object Reference in the reint_downloadmanager TYPO3 extension allows remote attackers to read arbitrary files via the downloaduid parameter in the downloadAction.
References
https://github.com/Kephson/reint_downloadmanager/commit/99b07497f5842a59e934583283e1b5a477ce79a9
https://github.com/FriendsOfPHP/security-advisories/blob/master/renolit/reint-downloadmanager/CVE-2025-48207.yaml
https://typo3.org/security/advisory/typo3-ext-sa-2025-004
https://github.com/advisories/GHSA-jjwh-4x89-7f5w
CVSS: HIGH (8.6) EPSS Score: 0.04%
May 21st, 2025 (25 days ago)
|
CVE-2025-5032 |
Description: A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/edit-category.php. The manipulation of the argument Category leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.03%
May 21st, 2025 (25 days ago)
|
CVE-2025-48060 |
Description: jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
CVSS: HIGH (7.7) EPSS Score: 0.06%
May 21st, 2025 (25 days ago)
|
CVE-2025-46822 |
Description: OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized access to sensitive internal files. Commit c835c6f7799eacada4c0fc77e0816f250af01ad2 contains a patch for the issue.
CVSS: HIGH (7.7) EPSS Score: 13.28%
May 21st, 2025 (25 days ago)
|
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-4919.
CVSS: HIGH (8.8) EPSS Score: 0.04%
May 21st, 2025 (25 days ago)
|