CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-31922
WordPress CSS3 Accordions for WordPress plugin <= 3.0 - CSRF to Stored XSS vulnerability
Description: Cross-Site Request Forgery (CSRF) vulnerability in QuanticaLabs CSS3 Accordions for WordPress allows Stored XSS. This issue affects CSS3 Accordions for WordPress: from n/a through 3.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-31641
WordPress UberSlider <= 2.3 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup UberSlider allows SQL Injection. This issue affects UberSlider: from n/a through 2.3.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-31640
WordPress Magic Responsive Slider and Carousel WordPress <= 1.4 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress allows SQL Injection. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through 1.4.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-31637
WordPress SHOUT <= 3.5.3 - SQL Injection Vulnerability
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup SHOUT allows SQL Injection. This issue affects SHOUT: from n/a through 3.5.3.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-4478
Gnome-remote-desktop: unauthenticated rdp packet causes segfault in gnome-remote-desktop leading to denial of service
Description: A flaw was found in the gnome-remote-desktop used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 16th, 2025 (about 1 month ago)
[tornado] Tornado vulnerable to excessive logging caused by malformed multipart form data
Description: Summary When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous. Affected versions All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default. Solution Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking Content-Type: multipart/form-data in a proxy. References https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m https://nvd.nist.gov/vuln/detail/CVE-2025-47287 https://github.com/tornadoweb/tornado/commit/b39b892bf78fe8fea01dd45199aa88307e7162f3 https://github.com/advisories/GHSA-7cx3-6m66-7c5m

CVSS: HIGH (7.5)

EPSS Score: 0.12%

Source: Github Advisory Database (PIP)
May 16th, 2025 (about 1 month ago)

CVE-2025-4731
TOTOLINK A3002R/A3002RU HTTP POST Request formPortFw buffer overflow
Description: A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615 entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /boafrm/formPortFw der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments service_type mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.8)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-4730
TOTOLINK A3002R/A3002RU HTTP POST Request formMapDel buffer overflow
Description: A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615 ausgemacht. Dies betrifft einen unbekannten Teil der Datei /boafrm/formMapDel der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments devicemac1 mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: HIGH (8.8)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-4600
HTTP Request Smuggling in Google Cloud Classic Application Load Balancer due to Improper Chunked Encoding Validation
Description: A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend servers. The issue was fixed by disallowing stray data after a chunk, and is no longer exploitable. No action is required as Classic Application Load Balancer service after 2025-04-26 is not vulnerable.

CVSS: HIGH (8.7)

EPSS Score: 0.1%

Source: CVE
May 16th, 2025 (about 1 month ago)

CVE-2025-4211
Improper Link Resolution Before File Access in QFileSystemEngine on Windows
Description: Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious Files. Issue originates from CVE-2024-38081. The vulnerability arises from the use of the GetTempPath API, which can be exploited by attackers to manipulate temporary file paths, potentially leading to unauthorized access and privilege escalation. The affected public API in the Qt Framework is QDir::tempPath() and anything that uses it, such as QStandardPaths with TempLocation, QTemporaryDir, and QTemporaryFile.This issue affects all version of Qt up to and including 5.15.18, from 6.0.0 through 6.5.8, from 6.6.0 through 6.8.1. It is fixed in Qt 5.15.19, Qt 6.5.9, Qt 6.8.2, 6.9.0

CVSS: HIGH (7.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 16th, 2025 (about 1 month ago)