CVE-2025-31036 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation. This issue affects WPSolr: from n/a through 24.0.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
CVE-2025-31032 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Pagopar - Grupo M S.A. Pagopar – WooCommerce Gateway allows Stored XSS. This issue affects Pagopar – WooCommerce Gateway: from n/a through 2.7.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
CVE-2025-31026 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded allows Stored XSS. This issue affects Comment Validation Reloaded: from n/a through 0.5.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
CVE-2025-31023 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Purab Seo Meta Tags allows Cross Site Request Forgery. This issue affects Seo Meta Tags: from n/a through 1.4.
CVSS: HIGH (8.8) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
CVE-2025-1968 |
Description: Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429.
CVSS: HIGH (7.7) EPSS Score: 0.05%
April 9th, 2025 (3 months ago)
|
Description: A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrary GET requests against target systems, including internal or adjacent networks.
Impact
This vulnerability facilitates a semi-blind SSRF attack, allowing attackers to make the target server send requests to internal or external URLs without viewing the full responses. Potential impacts include internal network reconnaissance, bypassing firewalls.
References
https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3f7v-qx94-666m
https://github.com/advisories/GHSA-3f7v-qx94-666m
CVSS: HIGH (7.5)
April 9th, 2025 (3 months ago)
|
CVE-2025-2223 |
Description: CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when a malicious project file is loaded by a user from the local system.
CVSS: HIGH (8.4) EPSS Score: 0.02%
April 9th, 2025 (3 months ago)
|
CVE-2025-2222 |
Description: CWE-552: Files or Directories Accessible to External Parties vulnerability over https exists that could leak information and potential privilege escalation following man in the middle attack.
CVSS: HIGH (8.2) EPSS Score: 0.03%
April 9th, 2025 (3 months ago)
|
CVE-2025-29870 |
Description: Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
CVSS: HIGH (7.5) EPSS Score: 0.08%
April 9th, 2025 (3 months ago)
|
CVE-2025-27934 |
Description: Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.
CVSS: HIGH (7.5) EPSS Score: 0.08%
April 9th, 2025 (3 months ago)
|