CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-4179 |
Description: The Flynax Bridge plugin for WordPress is vulnerable to limited Privilege Escalation due to a missing capability check on the registerUser() function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to register new user accounts as authors.
CVSS: HIGH (7.3) EPSS Score: 0.08%
May 2nd, 2025 (about 2 months ago)
|
|
CVE-2025-4184 |
Description: A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component QUOTE Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PCMan FTP Server 2.0.7 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente QUOTE Command Handler. Dank Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 2nd, 2025 (about 2 months ago)
|
|
CVE-2025-4183 |
Description: A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component RECV Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in PCMan FTP Server 2.0.7 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Komponente RECV Command Handler. Dank der Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.06%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-4182 |
Description: A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component BELL Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PCMan FTP Server 2.0.7 ausgemacht. Davon betroffen ist unbekannter Code der Komponente BELL Command Handler. Durch Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-43595 |
Description: An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a lower privileged user to execute commands with root level privileges in the 'Online Backup' folder. Users are recommended to upgrade to MSP360 Backup 4.4 (released on 2025-04-22).
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-4176 |
Description: A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Blood Bank & Donor Management System 2.4 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalität der Datei /admin/request-received-bydonar.php. Mittels Manipulieren des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.04%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2024-48907 |
Description: Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-46634 |
Description: Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an unauthenticated attacker to authenticate to the web management portal by collecting credentials from observed/collected traffic. It implements encryption, but not until after the user has transmitted the hash of their password in cleartext. The hash can be replayed to authenticate.
CVSS: HIGH (8.2) EPSS Score: 0.01%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-46633 |
Description: Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43.
CVSS: HIGH (8.2) EPSS Score: 0.03%
May 1st, 2025 (about 2 months ago)
|
|
CVE-2025-46628 |
Description: Lack of input validation/sanitization in the 'ate' management service in the Tenda RX2 Pro 16.03.30.14 allows an unauthorized remote attacker to gain root shell access to the device by sending a crafted UDP packet to the 'ate' service when it is enabled. Authentication is not needed.
CVSS: HIGH (7.3) EPSS Score: 0.36%
May 1st, 2025 (about 2 months ago)
|