Threat and Vulnerability Intelligence Database

CVE-2025-2223

Description: CWE-20: Improper Input Validation vulnerability exists that could cause a loss of Confidentiality, Integrity and Availability of the engineering workstation when a malicious project file is loaded by a user from the local system.

CVSS: HIGH (8.4)

EPSS Score: 0.02%

Source: CVE
April 9th, 2025 (3 months ago)

CVE-2025-2222

Description: CWE-552: Files or Directories Accessible to External Parties vulnerability over HTTPS exists that could lead to information leakage and potential privilege escalation following a man-in-the-middle attack.

CVSS: HIGH (8.2)

EPSS Score: 0.03%

Source: CVE
April 9th, 2025 (3 months ago)

CVE-2025-29870

Description: Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
April 9th, 2025 (3 months ago)

CVE-2025-27934

Description: Information disclosure of authentication information in the specific service vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product authentication information.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
April 9th, 2025 (3 months ago)

CVE-2025-25053

Description: OS command injection vulnerability in the WEB UI (the setting page) exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, an arbitrary OS command may be executed by a remote attacker who can log in to the product.

CVSS: HIGH (8.8)

EPSS Score: 0.25%

Source: CVE
April 9th, 2025 (3 months ago)

CVE-2025-30290

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to access files and directories that are stored outside the intended restricted directory. Exploitation of this issue requires user interaction.

CVSS: HIGH (8.7)

EPSS Score: 0.17%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (3 months ago)

CVE-2025-30289

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.

CVSS: HIGH (7.5)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (3 months ago)

CVE-2025-30288

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (3 months ago)

CVE-2025-30287

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass authentication mechanisms and execute code with the privileges of the authenticated user. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application.

CVSS: HIGH (8.1)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (3 months ago)

CVE-2025-30284

Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS: HIGH (8.0)

EPSS Score: 5.6%

SSVC Exploitation: none

Source: CVE
April 8th, 2025 (3 months ago)