CVE-2025-3021 |
Description: Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadReport.php endpoint.
CVSS: HIGH (8.7) EPSS Score: 0.06%
March 31st, 2025 (3 months ago)
|
CVE-2025-23995 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS. This issue affects Tantyyellow: from n/a through 1.0.0.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|
CVE-2024-24452 |
Description: An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
CVSS: HIGH (7.5) EPSS Score: 0.07% SSVC Exploitation: none
March 31st, 2025 (3 months ago)
|
CVE-2025-31387 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 31st, 2025 (3 months ago)
|
CVE-2025-31016 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18.
CVSS: HIGH (7.5) EPSS Score: 0.13%
March 31st, 2025 (3 months ago)
|
CVE-2025-30855 |
Description: Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|
CVE-2025-30835 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce allows PHP Local File Inclusion. This issue affects Accounting for WooCommerce: from n/a through 1.6.8.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 31st, 2025 (3 months ago)
|
CVE-2025-2402 |
Description: A hard-coded, non-random password for the object store (minio) of KNIME Business Hub in all versions except the ones listed below allows an unauthenticated remote attacker in possession of the password to read and manipulate swapped jobs or read and manipulate in- and output data of active jobs. It is also possible to cause a denial-of-service of most functionality of KNIME Business Hub by writing large amounts of data to the object store directly.
There are no viable workarounds; therefore, we strongly recommend updating to one of the following versions of KNIME Business Hub:
* 1.13.2 or later
* 1.12.3 or later
* 1.11.3 or later
* 1.10.3 or later
CVSS: HIGH (8.8) EPSS Score: 0.13%
March 31st, 2025 (3 months ago)
|
CVE-2025-31103 |
Description: Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
CVSS: HIGH (7.5) EPSS Score: 0.04%
March 31st, 2025 (3 months ago)
|
CVE-2025-24517 |
Description: Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a remote attacker may obtain the product login password without authentication.
CVSS: HIGH (7.5) EPSS Score: 0.18%
March 31st, 2025 (3 months ago)
|