CVE-2025-26997 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in validas Wireless Butler allows Reflected XSS. This issue affects Wireless Butler: from n/a through 1.0.11.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
May 19th, 2025 (28 days ago)
|
CVE-2025-26735 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Candid themes Grip. This issue affects Grip: from n/a through 1.0.9.
CVSS: HIGH (7.5) EPSS Score: 0.11%
May 19th, 2025 (28 days ago)
|
CVE-2024-23440 |
Description: Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows reading up to 0x802 of memory from an arbitrary user-supplied pointer.
CVSS: HIGH (7.1) EPSS Score: 0.01% SSVC Exploitation: none
May 19th, 2025 (28 days ago)
|
CVE-2024-23439 |
Description: Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.
CVSS: HIGH (7.1) EPSS Score: 0.01% SSVC Exploitation: none
May 19th, 2025 (28 days ago)
|
CVE-2025-4941 |
Description: A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.03%
May 19th, 2025 (28 days ago)
|
CVE-2025-43840 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS. This issue affects CheckBot: from n/a through 1.05.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 19th, 2025 (28 days ago)
|
CVE-2025-43833 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amir Helzer Absolute Links allows Blind SQL Injection. This issue affects Absolute Links: from n/a through 1.1.1.
CVSS: HIGH (7.6) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-39396 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetReviews allows PHP Local File Inclusion. This issue affects JetReviews: from n/a through 2.3.6.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 19th, 2025 (28 days ago)
|
CVE-2025-4428 |
Description: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library.
CVSS: HIGH (7.2) EPSS Score: 38.95%
May 19th, 2025 (28 days ago)
|
CVE-2023-38950 |
Description: ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files by supplying a crafted payload.
CVSS: HIGH (7.5)
May 19th, 2025 (28 days ago)
|