CVE-2024-21090 |
Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVSS: HIGH (7.5) EPSS Score: 0.3% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-21075 |
Description: Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS: HIGH (7.5) EPSS Score: 0.19% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-12905 |
Description: An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.
This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
CVSS: HIGH (7.5) EPSS Score: 1.26%
March 27th, 2025 (3 months ago)
|
CVE-2025-22783 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO allows SQL Injection. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.03.
CVSS: HIGH (8.5) EPSS Score: 0.1%
March 27th, 2025 (3 months ago)
|
CVE-2025-22658 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar Listings for Appfolio allows Stored XSS. This issue affects Listings for Appfolio: from n/a through 1.2.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 27th, 2025 (3 months ago)
|
CVE-2025-22652 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kendysond Payment Forms for Paystack allows SQL Injection. This issue affects Payment Forms for Paystack: from n/a through 4.0.1.
CVSS: HIGH (7.6) EPSS Score: 0.11%
March 27th, 2025 (3 months ago)
|
CVE-2025-22628 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision Filled In allows Stored XSS. This issue affects Filled In: from n/a through 1.9.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 27th, 2025 (3 months ago)
|
CVE-2024-37472 |
Description: Cross Site Scripting (XSS) vulnerability in WofficeIO Woffice allows Reflected XSS. This issue affects Woffice: from n/a through 5.4.8.
CVSS: HIGH (7.1) EPSS Score: 0.08% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-25063 |
Description: Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to.
CVSS: HIGH (7.5) EPSS Score: 0.15% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|
CVE-2024-22268 |
Description: VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.
CVSS: HIGH (7.1) EPSS Score: 0.12% SSVC Exploitation: none
March 27th, 2025 (3 months ago)
|