CVE-2025-39374 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in aseem1234 Best Posts Summary allows Stored XSS. This issue affects Best Posts Summary: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 19th, 2025 (28 days ago)
|
CVE-2025-39370 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cnilsson iCafe Library allows SQL Injection. This issue affects iCafe Library: from n/a through 1.8.3.
CVSS: HIGH (7.6) EPSS Score: 0.04% SSVC Exploitation: none
May 19th, 2025 (28 days ago)
|
CVE-2025-39364 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce allows PHP Local File Inclusion. This issue affects Product Category Slider for WooCommerce: from n/a through 4.3.4.
CVSS: HIGH (7.5) EPSS Score: 0.13% SSVC Exploitation: none
May 19th, 2025 (28 days ago)
|
CVE-2025-26621 |
Description: OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the "manage customizations" capability can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype pollution, making the Node.js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue.
CVSS: HIGH (7.6) EPSS Score: 0.05%
May 19th, 2025 (28 days ago)
|
CVE-2025-24189 |
Description: The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.
CVSS: HIGH (8.8) EPSS Score: 0.05% SSVC Exploitation: none
May 19th, 2025 (28 days ago)
|
CVE-2025-23988 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruno Cavalcante Ghostwriter allows Reflected XSS. This issue affects Ghostwriter: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-23986 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fyrewurks Tiki Time allows Reflected XSS. This issue affects Tiki Time: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-23983 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tijaji allows Reflected XSS. This issue affects Tijaji: from n/a through 1.43.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-23981 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takimi Themes CarZine allows Reflected XSS. This issue affects CarZine: from n/a through 1.4.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|
CVE-2025-23979 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duwasai Flashy allows Reflected XSS. This issue affects Flashy: from n/a through 1.2.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025 (28 days ago)
|