CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-4711

Description: A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stockin_add.php. The manipulation of the argument prod_name leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-32922

Description: Cross-Site Request Forgery (CSRF) vulnerability in Tobias WP2LEADS allows Stored XSS. This issue affects WP2LEADS: from n/a through 3.5.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-30475

Description: Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.

CVSS: HIGH (8.1)

EPSS Score: 0.07%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-4710

Description: A vulnerability, which was classified as critical, has been found in Campcodes Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /pages/transaction.php. The manipulation of the argument cid leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-4709

Description: A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/transaction_del.php. The manipulation of the argument ID leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.03%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-43853

Description: The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with the create flag will create a file on the host outside of the sandbox. If the symlink points to an existing host file, it is also possible to open it and read its content. Version 2.3.0 fixes the issue.

CVSS: HIGH (7.0)

EPSS Score: 0.02%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-26864

Description: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-26864
https://lists.apache.org/thread/2kcjnlypppk8qjh17dpz0jvkcpn6l162
http://www.openwall.com/lists/oss-security/2025/05/14/4
https://github.com/apache/iotdb/pull/14863
https://github.com/apache/iotdb/commit/34fcaff6b72470d5ad369307dde7fae8897aea7e
https://github.com/advisories/GHSA-5fc3-pqf2-57cx

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
May 15th, 2025 (about 1 month ago)

CVE-2025-48050

Description: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-30421

Description: There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-30420

Description: There is a memory corruption vulnerability due to an out-of-bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
May 15th, 2025 (about 1 month ago)