CVE-2025-3952 |
Description: The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'pto_remove_logo' function in all versions up to, and including, 5.1.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users.
CVSS: HIGH (8.1) EPSS Score: 0.04% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-23254 |
Description: NVIDIA TensorRT-LLM for any platform contains a vulnerability in the Python executor where an attacker may cause a data validation issue by local access to the TRTLLM server. A successful exploit of this vulnerability may lead to code execution, information disclosure and data tampering.
CVSS: HIGH (8.8) EPSS Score: 0.08% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-23244 |
Description: NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVSS: HIGH (7.8) EPSS Score: 0.01% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-1305 |
Description: The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: HIGH (8.8) EPSS Score: 0.06% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-1304 |
Description: The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.23% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-6435 |
Description: A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.
CVSS: HIGH (8.8) EPSS Score: 0.06% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-6236 |
Description: Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-5990 |
Description: Due to improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
CVSS: HIGH (7.5) EPSS Score: 0.22% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-5602 |
Description: A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file.
The NI I/O Trace tool is installed as part of the NI System Configuration utilities included with many NI software products. Refer to the NI Security Advisory for identifying the version of NI IO Trace.exe installed. The NI I/O Trace tool was also previously released as NI Spy.
CVSS: HIGH (7.8) EPSS Score: 0.04% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-4081 |
Description: A memory corruption issue due to an improper length check in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects NI LabVIEW 2024 Q1 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.01% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|