Description: Impact
We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. This vulnerability allows anyone to spoof the URL used in an incoming Request by placing a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler.
Patches
This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.
Credits
Rachid Allam (zhero;)
Yasser Allam (inzo_)
References
https://github.com/remix-run/react-router/security/advisories/GHSA-4q56-crqp-v477
https://nvd.nist.gov/vuln/detail/CVE-2025-31137
https://github.com/advisories/GHSA-4q56-crqp-v477
CVSS: HIGH (7.5) EPSS Score: 0.06%
April 1st, 2025 (3 months ago)

CVE-2024-20440
Description: A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.
This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain log files that contain sensitive data, including credentials that can be used to access the API.
CVSS: HIGH (7.5) EPSS Score: 82.28% SSVC Exploitation: none
April 1st, 2025 (3 months ago)

CVE-2025-31619
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 1st, 2025 (3 months ago)

CVE-2025-31594
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPglob Auto scroll for reading allows Reflected XSS. This issue affects Auto scroll for reading: from n/a through 1.1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (3 months ago)

CVE-2025-31580
Description: Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Product Enquiry allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ni WooCommerce Product Enquiry: from n/a through 4.1.8.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 1st, 2025 (3 months ago)

CVE-2025-31578
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wisdomlogix Solutions Pvt. Ltd. Fonts Manager | Custom Fonts allows Reflected XSS. This issue affects Fonts Manager | Custom Fonts: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (3 months ago)

CVE-2025-31571
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cynob IT Consultancy The Logo Slider allows Reflected XSS. This issue affects The Logo Slider: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (3 months ago)

CVE-2025-31568
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wiredmindshelp LeadLab by wiredminds allows Reflected XSS. This issue affects LeadLab by wiredminds: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 1st, 2025 (3 months ago)

CVE-2025-31564
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Blind SQL Injection. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.7.
CVSS: HIGH (8.5) EPSS Score: 0.03%
April 1st, 2025 (3 months ago)