CVE-2025-31014 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ho3einie Material Dashboard allows PHP Local File Inclusion. This issue affects Material Dashboard: from n/a through 1.4.5.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 11th, 2025 (3 months ago)
|
🚨 Marked as known exploited on April 11th, 2025 (3 months ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
CVSS: HIGH (8.1) EPSS Score: 0.14%
April 11th, 2025 (3 months ago)
|
CVE-2025-32808 |
Description: W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists.
CVSS: HIGH (7.7) EPSS Score: 0.04%
April 11th, 2025 (3 months ago)
|
CVE-2025-0128 |
Description: A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode.
Cloud NGFW is not affected by this vulnerability. Prisma® Access software is proactively patched and protected from this issue.
CVSS: HIGH (8.7) EPSS Score: 0.03%
April 11th, 2025 (3 months ago)
|
CVE-2025-0127 |
Description: A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. This issue is only applicable to PAN-OS VM-Series. This issue does not affect firewalls that are already deployed.
Cloud NGFW and Prisma® Access are not affected by this vulnerability.
CVSS: HIGH (7.1) EPSS Score: 0.18%
April 11th, 2025 (3 months ago)
|
CVE-2025-0126 |
Description: When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized user and perform actions as that GlobalProtect user. This requires the legitimate user to first click on a malicious link provided by the attacker.
The SAML login for the PAN-OS® management interface is not affected. Additionally, this issue does not affect Cloud NGFW and all Prisma® Access instances are proactively patched.
CVSS: HIGH (8.3) EPSS Score: 0.05%
April 11th, 2025 (3 months ago)
|
CVE-2025-0120 |
Description: A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 11th, 2025 (3 months ago)
|
CVE-2024-29790 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Squirrly SEO Plugin by Squirrly SEO allows Reflected XSS. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.3.16.
CVSS: HIGH (7.1) EPSS Score: 0.19% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
CVE-2024-29759 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a through 1.2.54.
CVSS: HIGH (7.1) EPSS Score: 0.11% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|
CVE-2024-2955 |
Description: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file
CVSS: HIGH (7.8) EPSS Score: 0.02% SSVC Exploitation: none
April 10th, 2025 (3 months ago)
|