Threat and Vulnerability Intelligence Database

CVE-2025-4290

Description: A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SMNT Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.06%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-4289

Description: A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component RNTO Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.06%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-4288

Description: A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RNFR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (7.3)

EPSS Score: 0.06%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-46731

Description: Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contain a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be enabled for this to work. Users should update to the patched versions 4.14.13 or 5.6.15 to mitigate the issue.

CVSS: HIGH (7.3)

EPSS Score: 0.42%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-46726

Description: Langroid is a framework for building large-language-model-powered applications. Prior to version 0.53.4, an LLM application leveraging the `XMLToolMessage` class may be exposed to untrusted XML input that could result in DoS and/or exposure of local files with sensitive information. Version 0.53.4 fixes the issue.

CVSS: HIGH (7.8)

EPSS Score: 0.05%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-45617

Description: Incorrect access control in the component /user/list of production_ssm v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-45614

Description: Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-45613

Description: Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-45610

Description: Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-45609

Description: Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)