CVE-2025-29772 |
Description: OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This vulnerability is fixed in 7.0.3.
CVSS: HIGH (7.2) EPSS Score: 0.05%
March 31st, 2025 (3 months ago)
|
CVE-2025-2794 |
Description: An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition.
This issue affects Xperience: through 13.0.180.
CVSS: HIGH (7.5) EPSS Score: 0.08%
March 31st, 2025 (3 months ago)
|
CVE-2025-1449 |
Description: A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 31st, 2025 (3 months ago)
|
Description: The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp.
The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208.
"The threat actor deploys payloads primarily by means of
CVSS: HIGH (7.0) EPSS Score: 1.47%
March 31st, 2025 (3 months ago)
|
CVE-2024-12021 |
Description: Coverity versions prior to 2024.9.0 are vulnerable to stored cross-site scripting (XSS) in various administrative interfaces. The impact of exploitation may result in the compromise of local accounts managed by the Coverity platform as well as other standard impacts resulting from cross-site scripting.
CVSS: HIGH (8.5) EPSS Score: 0.06%
March 31st, 2025 (3 months ago)
|
CVE-2025-31625 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|
CVE-2025-31623 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (3 months ago)
|
CVE-2025-31617 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Gagan Deep Singh PostmarkApp Email Integrator allows Cross Site Request Forgery. This issue affects PostmarkApp Email Integrator: from n/a through 2.4.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (3 months ago)
|
CVE-2025-31616 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in AdminGeekZ Varnish WordPress allows Cross Site Request Forgery. This issue affects Varnish WordPress: from n/a through 1.7.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 31st, 2025 (3 months ago)
|
CVE-2025-31615 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in owenr88 Simple Contact Forms allows Stored XSS. This issue affects Simple Contact Forms: from n/a through 1.6.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|