CVE-2024-24843 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.
CVSS: HIGH (7.1) EPSS Score: 0.1% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2024-23094 |
Description: Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php
CVSS: HIGH (8.8) EPSS Score: 0.06% SSVC Exploitation: poc
April 22nd, 2025 (2 months ago)
|
CVE-2024-1710 |
Description: The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.
CVSS: HIGH (8.8) EPSS Score: 0.23% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2025-3767 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection.
This page is only accessible to authenticated users with high privileges.
This issue affects Centreon BAM: from 24.10 before 24.10.1, from 24.04 before 24.04.5, from 23.10 before 23.10.10, from 23.04 before 23.04.10.
CVSS: HIGH (7.2) EPSS Score: 0.02%
April 22nd, 2025 (2 months ago)
|
CVE-2025-23251 |
Description: NVIDIA NeMo Framework contains a vulnerability where a user could cause an improper control of generation of code by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS: HIGH (7.6) EPSS Score: 0.09%
April 22nd, 2025 (2 months ago)
|
CVE-2025-23250 |
Description: NVIDIA NeMo Framework contains a vulnerability where an attacker could cause an improper limitation of a pathname to a restricted directory by an arbitrary file write. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 22nd, 2025 (2 months ago)
|
CVE-2025-23249 |
Description: NVIDIA NeMo Framework contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
CVSS: HIGH (7.6) EPSS Score: 0.16%
April 22nd, 2025 (2 months ago)
|
CVE-2024-21885 |
Description: A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.
CVSS: HIGH (7.8) EPSS Score: 0.24% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2024-21752 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4.
CVSS: HIGH (7.1) EPSS Score: 0.05% SSVC Exploitation: none
April 22nd, 2025 (2 months ago)
|
CVE-2024-1971 |
Description: A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255127.
CVSS: HIGH (7.3) EPSS Score: 0.05% SSVC Exploitation: poc
April 22nd, 2025 (2 months ago)
|