Threat and Vulnerability Intelligence Database


CVE-2025-45020

Description: A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.

CVSS: HIGH (7.2)

EPSS Score: 0.11%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4116

Description: A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. A critical vulnerability was discovered in Netgear JWNR2000v2 1.0.0.11. It concerns the function get_cur_lang_ver. By manipulating the argument host with unknown data, a buffer overflow vulnerability can be exploited. The attack can be carried out over the network.

CVSS: HIGH (8.8)

EPSS Score: 0.2%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4115

Description: A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. A critical vulnerability was discovered in Netgear JWNR2000v2 1.0.0.11. It concerns the function default_version_is_new. By manipulating the argument host with unknown data, a buffer overflow vulnerability can be exploited. The attack can take place over the network.

CVSS: HIGH (8.7)

EPSS Score: 0.2%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-3395

Description: Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-3394

Description: Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-4114

Description: A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Affected is the function check_language_file. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. A critical vulnerability was discovered in Netgear JWNR2000v2 1.0.0.11. Affected by this is the function check_language_file. By manipulating the argument host with unknown data, a buffer overflow vulnerability can be exploited. The attack can be carried out over the network.

CVSS: HIGH (8.8)

EPSS Score: 0.2%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24351

Description: A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request.

CVSS: HIGH (8.8)

EPSS Score: 0.3%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24350

Description: A vulnerability in the “Certificates and Keys” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to write arbitrary certificates in arbitrary file system paths via a crafted HTTP request.

CVSS: HIGH (7.1)

EPSS Score: 0.18%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24349

Description: A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to delete the configuration of physical network interfaces via a crafted HTTP request.

CVSS: HIGH (7.1)

EPSS Score: 0.4%

Source: CVE
April 30th, 2025 (about 2 months ago)

CVE-2025-24346

Description: A vulnerability in the “Proxy” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “/etc/environment” file via a crafted HTTP request.

CVSS: HIGH (7.5)

EPSS Score: 0.34%

Source: CVE
April 30th, 2025 (about 2 months ago)