CVE-2025-46617
Description: Quantum StorNext Web GUI API before 7.2.4 grants access to internal StorNext configuration and unauthorized modification of some software configuration parameters via undocumented user credentials. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage.
CVSS: HIGH (7.2) EPSS Score: 0.03%
April 25th, 2025 (about 2 months ago)

CVE-2025-2238
Description: The Vikinger theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level.
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 25th, 2025 (about 2 months ago)

CVE-2025-46613
Description: OpenPLC 3 through 64f9c11 has server.cpp Memory Corruption because a thread may access handleConnections arguments after the parent stack frame becomes unavailable.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 25th, 2025 (about 2 months ago)

CVE-2025-3606
Description: Vestel AC Charger version 3.75.0 contains a vulnerability that could enable an attacker to access files containing sensitive information, such as credentials, which could be used to further compromise the device.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 25th, 2025 (about 2 months ago)

CVE-2025-2185
Description: ALBEDO Telecom Net.Time - PTP/NTP clock (Serial No. NBC0081P) software release 1.4.4 is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.
CVSS: HIGH (8.0) EPSS Score: 0.04%
April 25th, 2025 (about 2 months ago)

CVE-2025-1294
Description: The eForm - WordPress Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.18.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.11%
April 24th, 2025 (about 2 months ago)

CVE-2024-8926
Description: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS: HIGH (8.1) EPSS Score: 0.37% SSVC Exploitation: none
April 24th, 2025 (about 2 months ago)

CVE-2024-6387
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS: HIGH (8.1) EPSS Score: 54.04% SSVC Exploitation: poc
April 24th, 2025 (about 2 months ago)

CVE-2025-46530
Description: Cross-Site Request Forgery (CSRF) vulnerability in HuangYe WuDeng Hacklog Remote Attachment allows Stored XSS. This issue affects Hacklog Remote Attachment: from n/a through 1.3.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (about 2 months ago)

CVE-2025-46528
Description: Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (about 2 months ago)