CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32380 |
Description: The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. A vulnerability in Apollo Router's usage of Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. This could lead to excessive resource consumption and denial of service. Apollo Router's usage of Apollo Compiler has been updated so that validation logic processes each named fragment only once, preventing redundant traversal. This has been remediated in apollo-router versions 1.61.2 and 2.1.1.
CVSS: HIGH (7.5) EPSS Score: 0.05%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31404 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Wladyslaw Madejczyk AF Tell a Friend allows Stored XSS. This issue affects AF Tell a Friend: from n/a through 1.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31402 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in NewsBoard Plugin NewsBoard Post and RSS Scroller allows Stored XSS. This issue affects NewsBoard Post and RSS Scroller: from n/a through 1.2.12.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31401 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in mmetrodw MMX – Make Me Christmas allows Stored XSS. This issue affects MMX – Make Me Christmas: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31400 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in icyleaf WS Audio Player allows Stored XSS. This issue affects WS Audio Player: from n/a through 1.1.8.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31399 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Chandan Garg CG Scroll To Top allows Stored XSS. This issue affects CG Scroll To Top: from n/a through 3.5.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31395 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in a.ankit Easy Custom CSS allows Stored XSS. This issue affects Easy Custom CSS: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31394 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey (trepmal) More Mime Type Filters allows Stored XSS. This issue affects More Mime Type Filters: from n/a through 0.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31393 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in vfvalent Social Bookmarking RELOADED allows Stored XSS. This issue affects Social Bookmarking RELOADED: from n/a through 3.18.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
|
CVE-2025-31392 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Shameem Reza Smart Product Gallery Slider allows Cross Site Request Forgery. This issue affects Smart Product Gallery Slider: from n/a through 1.0.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|