CVE-2024-45564 |
Description: Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 6th, 2025 (about 2 months ago)
|
CVE-2024-45554 |
Description: Memory corruption during concurrent SSR execution due to race condition on the global maps list.
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 6th, 2025 (about 2 months ago)
|
CVE-2025-46585 |
Description: Out-of-bounds array read/write vulnerability in the kernel module
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS: HIGH (7.5) EPSS Score: 0.01%
May 6th, 2025 (about 2 months ago)
|
CVE-2025-4332 |
Description: A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 6th, 2025 (about 2 months ago)
|
CVE-2025-46584 |
Description: Vulnerability of improper authentication logic implementation in the file system module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 6th, 2025 (about 2 months ago)
|
🚨 Marked as known exploited on May 6th, 2025 (about 2 months ago).
Description: Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.
The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.
"The most severe of
CVSS: HIGH (8.1)
May 6th, 2025 (about 2 months ago)
|
CVE-2025-4311 |
Description: A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of the argument stopic_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.03%
May 6th, 2025 (about 2 months ago)
|
CVE-2025-2802 |
Description: The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.3.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVSS: HIGH (7.3) EPSS Score: 0.2%
May 6th, 2025 (about 2 months ago)
|
CVE-2025-46728 |
Description: cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when `Transfer-Encoding: chunked` is used or when no `Content-Length` header is provided. A remote attacker can send a chunked request without the terminating zero-length chunk, causing uncontrolled memory allocation on the server. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.20.1 fixes the issue by enforcing limits during parsing. If the limit is exceeded at any point during reading, the connection is terminated immediately. A short-term workaround through a Reverse Proxy is available. If updating the library immediately is not feasible, deploy a reverse proxy (e.g., Nginx, HAProxy) in front of the `cpp-httplib` application. Configure the proxy to enforce maximum request body size limits, thereby stopping excessively large requests before they reach the vulnerable library code.
CVSS: HIGH (7.5) EPSS Score: 0.18% SSVC Exploitation: poc
May 6th, 2025 (about 2 months ago)
|
CVE-2025-4309 |
Description: A vulnerability was found in PHPGurukul Art Gallery Management System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-art-type.php. The manipulation of the argument arttype leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 6th, 2025 (about 2 months ago)
|