CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22286 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.21.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2025-22284 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2024-44044 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 17th, 2025 (4 months ago)
|
|
CVE-2024-13488 |
Description: The LTL Freight Quotes – Estes Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 0.06%
February 16th, 2025 (4 months ago)
|
|
CVE-2025-24700 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xylus Themes WP Event Aggregator allows Reflected XSS. This issue affects WP Event Aggregator: from n/a through 1.8.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 15th, 2025 (4 months ago)
|
|
CVE-2025-24699 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company WP Coder allows Cross-Site Scripting (XSS). This issue affects WP Coder: from n/a through 3.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 15th, 2025 (4 months ago)
|
|
CVE-2025-24692 |
Description: Missing Authorization vulnerability in Michael Revellin-Clerc Bulk Menu Edit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bulk Menu Edit: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 15th, 2025 (4 months ago)
|
|
CVE-2025-24688 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 15th, 2025 (4 months ago)
|
|
CVE-2025-24641 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rickonline_nl Better WishList API allows Stored XSS. This issue affects Better WishList API: from n/a through 1.1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 15th, 2025 (4 months ago)
|
|
CVE-2025-24617 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter allows Reflected XSS. This issue affects AcyMailing SMTP Newsletter: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 15th, 2025 (4 months ago)
|