CVE-2025-2008
Description: The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.26%
April 1st, 2025 (3 months ago)
CVE-2025-2007
Description: The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS: HIGH (8.1) EPSS Score: 0.59%
April 1st, 2025 (3 months ago)
CVE-2025-0417
Description: Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
CVSS: HIGH (7.0) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
CVE-2025-0416
Description: Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
CVSS: HIGH (8.9) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
CVE-2025-21384
Description: An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVSS: HIGH (8.3) EPSS Score: 0.09%
April 1st, 2025 (3 months ago)
CVE-2025-30471
Description: A validation issue was addressed with improved logic. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote user may be able to cause a denial-of-service.
CVSS: HIGH (7.5) EPSS Score: 0.15%
March 31st, 2025 (3 months ago)
CVE-2025-26683
Description: Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.
CVSS: HIGH (8.1) EPSS Score: 0.08%
March 31st, 2025 (3 months ago)
CVE-2025-31129
Description: Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
CVSS: HIGH (8.8) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
CVE-2025-31123
Description: Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9.
CVSS: HIGH (8.7) EPSS Score: 0.05%
March 31st, 2025 (3 months ago)
CVE-2025-30161
Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.
CVSS: HIGH (8.4) EPSS Score: 0.05%
March 31st, 2025 (3 months ago)