CVE-2025-40595 |
Description: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to an unintended location.
CVSS: HIGH (7.2) EPSS Score: 0.02%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-3875 |
Description: Thunderbird parses addresses in a way that can allow sender spoofing if the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-26785 |
Description: An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds writes.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47782 |
Description: motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as the motionEye run user, `motion` by default. The vulnerability has been patched in motionEye v0.43.1b4. As a workaround, apply the patch manually.
CVSS: HIGH (8.9) EPSS Score: 0.06%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-40595 |
Description: A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause the appliance to make requests to an unintended location. IMPORTANT: SonicWall PSIRT strongly advises users of the SMA1000 product to upgrade to the latest hotfix release version to address the vulnerability. Please note that SonicWall Firewall and SMA 100 series products are not affected by this vulnerability.
CVE: CVE-2025-40595
Last updated: May 14, 2025, 3:39 p.m.
CVSS: HIGH (7.2) EPSS Score: 0.02%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-24022 |
Description: iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1.
CVSS: HIGH (8.5) EPSS Score: 0.08%
May 14th, 2025 (about 1 month ago)
|
CVE-2024-10864 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advance Authentication. This issue affects Advance Authentication versions before 6.5.
CVSS: HIGH (7.5) EPSS Score: 0.15% SSVC Exploitation: none
May 14th, 2025 (about 1 month ago)
|
CVE-2024-0510 |
Description: A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.
CVSS: HIGH (7.3) EPSS Score: 0.12% SSVC Exploitation: poc
May 14th, 2025 (about 1 month ago)
|
CVE-2025-3623 |
Description: The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files.
CVSS: HIGH (8.1) EPSS Score: 0.06% SSVC Exploitation: none
May 14th, 2025 (about 1 month ago)
|
CVE-2025-3600 |
Description: In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
|