CVE-2024-30243 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tomas WordPress Tooltips. This issue affects WordPress Tooltips: from n/a before 9.4.5.
CVSS: HIGH (8.5) EPSS Score: 0.17% SSVC Exploitation: none
April 8th, 2025 (3 months ago)
|
CVE-2024-3008 |
Description: A vulnerability, which was classified as critical, was found in Tenda FH1205 2.0.0.7(775). Affected is the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258294 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: HIGH (8.8) EPSS Score: 0.56% SSVC Exploitation: poc
April 8th, 2025 (3 months ago)
|
CVE-2024-12556 |
Description: Prototype Pollution in Kibana can lead to code injection via unrestricted file upload combined with path traversal.
CVSS: HIGH (8.7) EPSS Score: 0.04%
April 8th, 2025 (3 months ago)
|
🚨 Marked as known exploited on April 10th, 2025 (3 months ago).
Description: Microsoft’s April 2025 Patch Tuesday rollout includes a critical fix for an actively exploited zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, which threat actors have used to launch ransomware attacks across multiple sectors. The vulnerability was discovered by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center …
The post Microsoft Fixes Actively Exploited CLFS Zero-Day Used in Ransomware Attacks appeared first on CyberInsider.
CVSS: HIGH (7.8) EPSS Score: 4.49%
April 8th, 2025 (3 months ago)
|
CVE-2025-30286 |
Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.
CVSS: HIGH (8.0) EPSS Score: 0.48%
April 8th, 2025 (3 months ago)
|
CVE-2025-30285 |
Description: ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: HIGH (8.0) EPSS Score: 5.66%
April 8th, 2025 (3 months ago)
|
CVE-2025-30304 |
Description: Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: HIGH (7.8) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)
|
CVE-2025-30299 |
Description: Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: HIGH (7.8) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)
|
CVE-2025-30298 |
Description: Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: HIGH (7.8) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)
|
CVE-2025-30297 |
Description: Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: HIGH (7.8) EPSS Score: 0.03%
April 8th, 2025 (3 months ago)
|