CVE-2025-22360 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
CVE-2025-22356 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
CVE-2024-54362 |
Description: Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3.
CVSS: HIGH (8.1) EPSS Score: 0.06%
March 28th, 2025 (3 months ago)
|
CVE-2024-54291 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10.
CVSS: HIGH (8.6) EPSS Score: 0.06%
March 28th, 2025 (3 months ago)
|
CVE-2024-51624 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|
CVE-2024-0041 |
Description: In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS: HIGH (7.0) EPSS Score: 0.02% SSVC Exploitation: none
March 28th, 2025 (3 months ago)
|
CVE-2025-24383 |
Description: CVE-2025-24383: Dell Unity, Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system
CVSS: HIGH (7.8) EPSS Score: 22.34%
March 28th, 2025 (3 months ago)
|
CVE-2025-30372 |
Description: Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
CVSS: HIGH (7.7) EPSS Score: 0.04%
March 28th, 2025 (3 months ago)
|
CVE-2025-30211 |
Description: Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify the RFC-specified limits on algorithm names (64 characters) provided in the KEX init message. A large KEX init packet may lead to inefficient processing of the error data. As a result, a large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.
CVSS: HIGH (7.5) EPSS Score: 0.05%
March 28th, 2025 (3 months ago)
|
CVE-2025-29928 |
Description: authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not revoke the session and the session holder would continue to have access to authentik. authentik 2025.2.3 and 2024.12.4 fix this issue. Switching to the cache-based session storage until the authentik instance can be upgraded is recommended. This will however also delete all existing sessions and users will have to re-authenticate.
CVSS: HIGH (8.0) EPSS Score: 0.03%
March 28th, 2025 (3 months ago)
|