CVE-2025-4579 |
Description: The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.12%
May 15th, 2025 (about 1 month ago)
|
CVE-2025-47783 |
Description: Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attacks. The vulnerability is reproducible when sending a properly formatted request to the `POST /projects/upload-example/` endpoint. In the source code, the vulnerability is located at `label_studio/projects/views.py`. Version 1.18.0 contains a patch for the issue.
CVSS: HIGH (7.6) EPSS Score: 0.06%
May 15th, 2025 (about 1 month ago)
|
CVE-2024-45067 |
Description: Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS: HIGH (8.2) EPSS Score: 0.01%
May 14th, 2025 (about 1 month ago)
|
CVE-2024-55569 |
Description: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-4640 |
Description: Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib.
CVSS: HIGH (8.3) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-4639 |
Description: CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0.
CVSS: HIGH (8.8) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-2900 |
Description: IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-0131 |
Description: An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.
CVSS: HIGH (7.1) EPSS Score: 0.01%
May 14th, 2025 (about 1 month ago)
|
CVE-2024-24981 |
Description: Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVSS: HIGH (7.5) EPSS Score: 0.03% SSVC Exploitation: none
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47710 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS: HIGH (7.4) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
|