CVE-2025-48137 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
CVSS: HIGH (8.5) EPSS Score: 0.03%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-48136 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-48134 |
Description: Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs allows Object Injection. This issue affects WP Tabs: from n/a through 2.2.11.
CVSS: HIGH (7.2) EPSS Score: 0.06%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-48114 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-48112 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4785 |
Description: A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user-profile.php. The manipulation of the argument fullname/contactnumber leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-47693 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Services Booking allows PHP Local File Inclusion. This issue affects FAT Services Booking: from n/a through 5.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-47567 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Video Player & FullScreen Video Background allows Blind SQL Injection. This issue affects Video Player & FullScreen Video Background: from n/a through 2.4.1.
CVSS: HIGH (7.6) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-39507 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.
CVSS: HIGH (7.5) EPSS Score: 0.13%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-39492 |
Description: Path Traversal vulnerability in WHMPress WHMpress allows Relative Path Traversal. This issue affects WHMpress: from 6.2 through revision.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 16th, 2025 (about 1 month ago)
|