CVE-2025-21591
Description: A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent attacker to send a DHCP packet with a malformed DHCP option to cause jdhcpd to crash, creating a Denial of Service (DoS) condition.
Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition.
This issue affects Junos OS:
* from 23.1R1 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
This issue isn't applicable to any versions of Junos OS before 23.1R1.
This issue doesn't affect vSRX Series, which doesn't support DHCP Snooping.
This issue doesn't affect Junos OS Evolved.
There are no indicators of compromise for this issue.
CVSS: HIGH (7.4) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)

CVE-2025-32692
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle WP Subscription Forms allows PHP Local File Inclusion. This issue affects WP Subscription Forms: from n/a through 1.2.4.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 9th, 2025 (3 months ago)

CVE-2025-32685
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 9th, 2025 (3 months ago)

CVE-2025-32677
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 9th, 2025 (3 months ago)

CVE-2025-32676
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 9th, 2025 (3 months ago)

CVE-2025-32673
Description: Cross-Site Request Forgery (CSRF) vulnerability in epeken Epeken All Kurir allows Stored XSS. This issue affects Epeken All Kurir: from n/a through 1.4.6.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)

CVE-2025-32669
Description: Cross-Site Request Forgery (CSRF) vulnerability in MERGADO Mergado Pack allows Stored XSS. This issue affects Mergado Pack: from n/a through 4.1.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)

CVE-2025-32667
Description: Cross-Site Request Forgery (CSRF) vulnerability in fromdoppler Doppler Forms allows Stored XSS. This issue affects Doppler Forms: from n/a through 2.4.5.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)

CVE-2025-32664
Description: Cross-Site Request Forgery (CSRF) vulnerability in ashokbasnet Nepali Date Utilities allows Stored XSS. This issue affects Nepali Date Utilities: from n/a through 1.0.13.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)

CVE-2025-32661
Description: Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive US Map allows Stored XSS. This issue affects Interactive US Map: from n/a through 2.7.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)