CVE-2025-49184 |
Description: A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
CVSS: HIGH (7.5) EPSS Score: 0.05% SSVC Exploitation: none
June 12th, 2025 (10 days ago)
|
CVE-2025-49183 |
Description: All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVSS: HIGH (7.5) EPSS Score: 0.02% SSVC Exploitation: none
June 12th, 2025 (10 days ago)
|
CVE-2025-49182 |
Description: Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
CVSS: HIGH (7.5) EPSS Score: 0.05% SSVC Exploitation: none
June 12th, 2025 (10 days ago)
|
CVE-2025-49181 |
Description: Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.
CVSS: HIGH (8.6) EPSS Score: 0.08% SSVC Exploitation: none
June 12th, 2025 (10 days ago)
|
CVE-2025-6021 |
Description: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
CVSS: HIGH (7.5) EPSS Score: 0.05%
June 12th, 2025 (10 days ago)
|
CVE-2025-0673 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allowing an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.
CVSS: HIGH (7.5) EPSS Score: 0.02%
June 12th, 2025 (10 days ago)
|
CVE-2025-4278 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions, HTML injection in the new search page could lead to account takeover.
CVSS: HIGH (8.7) EPSS Score: 0.02%
June 12th, 2025 (10 days ago)
|
CVE-2025-2254 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality leads to cross-site scripting attacks.
CVSS: HIGH (8.7) EPSS Score: 0.02%
June 12th, 2025 (10 days ago)
|
CVE-2025-4613 |
Description: Path traversal in Google Web Designer's template handling in versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template.
CVSS: HIGH (7.1) EPSS Score: 0.19%
June 12th, 2025 (10 days ago)
|
CVE-2025-35978 |
Description: An improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker sends malicious data, an arbitrary registry value may be modified or arbitrary code may be executed.
CVSS: HIGH (7.1) EPSS Score: 0.01%
June 12th, 2025 (10 days ago)
|