Threat and Vulnerability Intelligence Database

CVE-2025-28869

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound NextGEN Gallery Voting allows Reflected XSS. This issue affects NextGEN Gallery Voting: from n/a through 2.7.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-28865

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lionelroux WP Colorful Tag Cloud allows Reflected XSS. This issue affects WP Colorful Tag Cloud: from n/a through 2.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-28858

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arrow Plugins Arrow Maps allows Reflected XSS. This issue affects Arrow Maps: from n/a through 1.0.9.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-28855

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Teleport allows Reflected XSS. This issue affects Teleport: from n/a through 1.2.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-27404

Description: Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows the attacker to embed arbitrary JavaScript into Icinga Web and to act on behalf of that user. This issue has been resolved in versions 2.11.5 and 2.12.3 of Icinga Web 2. As a workaround, those who have Icinga Web 2.12.2 may enable CSP in the application settings.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-27267

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in srcoley Random Quotes allows Reflected XSS. This issue affects Random Quotes: from n/a through 1.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-27015

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designingmedia Hostiko allows PHP Local File Inclusion. This issue affects Hostiko: from n/a before 30.1.

CVSS: HIGH (7.5)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-27014

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in designingmedia Hostiko allows Reflected XSS. This issue affects Hostiko: from n/a before 30.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-26986

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Pearl - Corporate Business allows PHP Local File Inclusion. This issue affects Pearl - Corporate Business: from n/a before 3.4.8.

CVSS: HIGH (8.1)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
March 26th, 2025 (3 months ago)

CVE-2025-26584

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound TBTestimonials allows Reflected XSS. This issue affects TBTestimonials: from n/a through 1.7.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 26th, 2025 (3 months ago)