CVE-2025-28027 |
Description: TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi.
CVSS: HIGH (7.3) EPSS Score: 0.11%
April 22nd, 2025 (2 months ago)
|
CVE-2025-28030 |
Description: TOTOLINK A810R V4.1.2cu.5182_B20201026 was discovered to contain a stack overflow via the startTime and endTime parameters in the setParentalRules function.
CVSS: HIGH (8.8) EPSS Score: 0.15%
April 22nd, 2025 (2 months ago)
|
CVE-2024-26483 |
Description: An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
CVSS: HIGH (8.8) EPSS Score: 0.15% SSVC Exploitation: poc
April 22nd, 2025 (2 months ago)
|
CVE-2024-26135 |
Description: MeshCentral is a full computer management web site. Versions prior to 1.1.21 contain a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.
CVSS: HIGH (8.4) EPSS Score: 0.56% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2024-24843 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.
CVSS: HIGH (7.1) EPSS Score: 0.1% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2024-23094 |
Description: Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php
CVSS: HIGH (8.8) EPSS Score: 0.06% SSVC Exploitation: poc
April 22nd, 2025 (2 months ago)
|
CVE-2024-1710 |
Description: The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
CVSS: HIGH (8.8) EPSS Score: 0.23% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2025-3767 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.
This page is only accessible to authenticated users with high privileges.
This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
CVSS: HIGH (7.2) EPSS Score: 0.02%
April 22nd, 2025 (2 months ago)
|
CVE-2025-23251 |
Description: NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS: HIGH (7.6) EPSS Score: 0.09%
April 22nd, 2025 (2 months ago)
|
CVE-2025-23250 |
Description: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 22nd, 2025 (2 months ago)
|