CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24007 |
Description: A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). Affected devices only provide weak password obfuscation. An attacker with network access could retrieve and de-obfuscate the safety password used for protection against inadvertent operating errors.
CVSS: HIGH (7.5) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2024-44087 |
Description: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
CVSS: HIGH (8.6) EPSS Score: 0.25% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2024-23815 |
Description: A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp)
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-41645 |
Description: An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.
CVSS: HIGH (8.6) EPSS Score: 0.04%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-4474 |
Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the plugin’s 'register' role setting to make new user registrations default to the administrator role, leading to an elevation of privileges to that of an administrator.
CVSS: HIGH (8.8) EPSS Score: 0.05%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-4473 |
Description: The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control where the plugin sends outgoing emails. By pointing SMTP to their own server, attackers could capture password reset emails intended for administrators, and elevate their privileges for full site takeover.
CVSS: HIGH (8.8) EPSS Score: 0.06%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-4317 |
Description: The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.23%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-22249 |
Description: VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
CVSS: HIGH (8.2) EPSS Score: 0.05%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-4396 |
Description: The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <= 2.27.4 (Premium) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 15.02%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-35471 |
Description: conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
CVSS: HIGH (7.3) EPSS Score: 0.01%
May 13th, 2025 (about 1 month ago)
|