CVE-2025-22678
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mythemes my white allows Reflected XSS. This issue affects my white: from n/a through 2.0.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 19th, 2025
Description: Summary
A path traversal vulnerability in PackageIndex was fixed in setuptools version 78.1.1
Details
```python
def _download_url(self, url, tmpdir):
    # Determine download filename
    #
    name, _fragment = egg_info_for_url(url)
    if name:
        # Incomplete sanitisation: collapses '..' sequences but leaves a
        # leading '/' or drive letter in place
        while '..' in name:
            name = name.replace('..', '.').replace('\\', '_')
    else:
        name = "__downloaded__"  # default if URL has no path contents

    if name.endswith('.egg.zip'):
        name = name[:-4]  # strip the extra .zip before download

    # --> vulnerable line: an absolute `name` makes os.path.join() discard tmpdir
    filename = os.path.join(tmpdir, name)
```
Here: https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88
os.path.join() discards the first argument tmpdir if the second begins with a slash or drive letter.
name is derived from a URL without sufficient sanitization. While there is some attempt to sanitize by replacing instances of '..' with '.', it is insufficient.
Risk Assessment
As easy_install and package_index are deprecated, the exploitation surface is reduced.
However, it seems this could be exploited in a similar fashion to https://github.com/advisories/GHSA-r9hx-vwmv-q579, and as described in PoC 4 of the https://github.com/advisories/GHSA-cx63-2mw6-8hw5 report: via malicious URLs present on the pages of a package index.
Impact
An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions o...
CVSS: HIGH (7.7) EPSS Score: 0.1%
May 19th, 2025
Description: Summary
A command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special platform tags. Specifically, an unauthorized user can use the /echo command to cause the bot to send a message that mentions all members in the chat, bypassing any permission controls. This can lead to spam, disruption, or abuse of notification systems.
Details
The framework provides a command /echo that causes the bot to repeat any user-provided message verbatim in the group chat. However, the bot fails to sanitize or filter platform-specific control elements such as , which, when included in a message, mentions everyone (i.e., @全体成员). While normal users are forbidden from using this tag in normal chats, the bot, which has higher privileges, is allowed to do so.
Since the /echo command blindly echoes any content, a user can exploit this by sending:
/echo
The bot will then send a message containing , causing the platform to interpret it as an @全体成员 command, effectively allowing an unauthorized user to @everyone via the bot.
PoC
1. Set up a chatbot using the affected framework.
2. Join the chat that includes the bot as a regular user with no permission to use @全体成员.
3. Send the following message in the chat:
   /echo
4. The bot will respond by repeating the message, and the platform will interpret as an @全体成员 mention.
5. All the chat members receive a notification, despite the user lacking that permission.
References
https://github.co...
CVSS: HIGH (7.2) EPSS Score: 0.06%
May 19th, 2025
CVE-2025-4937
Description: A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS: HIGH (7.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 19th, 2025
CVE-2025-4844
Description: A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component CD Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04% SSVC Exploitation: poc
May 19th, 2025
CVE-2025-48280
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ruben Garcia AutomatorWP allows Blind SQL Injection. This issue affects AutomatorWP: from n/a through 5.2.1.3.
CVSS: HIGH (7.6) EPSS Score: 0.04%
May 19th, 2025
CVE-2025-48278
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker: from n/a through 11.5.6.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 19th, 2025
CVE-2025-48238
Description: Cross-Site Request Forgery (CSRF) vulnerability in awcode AWcode Toolkit allows Stored XSS. This issue affects AWcode Toolkit: from n/a through 1.0.18.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 19th, 2025
CVE-2025-48236
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bunny.net bunny.net allows Stored XSS. This issue affects bunny.net: from n/a through 2.3.0.
CVSS: HIGH (8.5) EPSS Score: 0.05%
May 19th, 2025
CVE-2025-48233
Description: Cross-Site Request Forgery (CSRF) vulnerability in affmngr Affiliates Manager Google reCAPTCHA Integration allows Stored XSS. This issue affects Affiliates Manager Google reCAPTCHA Integration: from n/a through 1.0.6.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 19th, 2025