CVE-2025-47935 |
Description: Multer is a Node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 19th, 2025 (28 days ago)
|
CVE-2025-39411 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Indie_Plugins WhatsApp Click to Chat Plugin for WordPress. This issue affects WhatsApp Click to Chat Plugin for WordPress: from n/a through 2.2.12.
CVSS: HIGH (7.5) EPSS Score: 0.11%
May 19th, 2025 (28 days ago)
|
CVE-2025-39409 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pressaholic WordPress Video Robot - The Ultimate Video Importer. This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39407 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Caseproof, LLC Memberpress allows Reflected XSS. This issue affects Memberpress: from n/a through 1.11.37.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39405 |
Description: Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation. This issue affects WPAMS: from n/a through 44.0 (17-08-2023).
CVSS: HIGH (8.8) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39403 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPAMS allows SQL Injection. This issue affects WPAMS: from n/a through 44.0 (17-08-2023).
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 19th, 2025 (28 days ago)
|
CVE-2025-39393 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla Hospital Management System allows Reflected XSS. This issue affects Hospital Management System: from n/a through 47.0 (20-11-2023).
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39392 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPAMS allows Reflected XSS. This issue affects WPAMS: from n/a through 44.0 (17-08-2023).
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39372 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in elbisnero WordPress Events Calendar Registration & Tickets allows Reflected XSS. This issue affects WordPress Events Calendar Registration & Tickets: from n/a through 2.6.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39366 |
Description: Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0.
CVSS: HIGH (8.8) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|