CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-30567

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.

CVSS: HIGH (7.5)

EPSS Score: 27.88%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-36303

Description: An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2024-36302.

CVSS: HIGH (7.8)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-32736

Description: A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.

CVSS: HIGH (7.5)

EPSS Score: 68.79%

SSVC Exploitation: poc

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-21078

Description: Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

CVSS: HIGH (7.5)

EPSS Score: 0.19%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-6677

Description: Privilege escalation in uberAgent

CVSS: HIGH (7.3)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-58105

Description: A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE addresses an additional bypass not covered in CVE-2024-58104. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-58104

Description: A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

Source: CVE
March 25th, 2025 (3 months ago)

CVE-2024-40715

Description: A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform a Man-in-the-Middle (MITM) attack to exploit this vulnerability.

CVSS: HIGH (7.7)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)

Description: Impact: Making crafted requests could lead to information disclosure that could further lead to account takeover. Workarounds: There's no workaround to fix this without upgrading. Credits: Thanks to Thanh of Calif.io for reporting the issue. References: https://github.com/frappe/frappe/security/advisories/GHSA-qrv3-jc3h-f3m6, https://nvd.nist.gov/vuln/detail/CVE-2025-30214, https://github.com/advisories/GHSA-qrv3-jc3h-f3m6

CVSS: HIGH (8.0)

EPSS Score: 0.06%

Source: Github Advisory Database (PIP)
March 25th, 2025 (3 months ago)

CVE-2025-30214

Description: Frappe is a full-stack web application framework. Prior to versions 14.89.0 and 15.51.0, making crafted requests could lead to information disclosure that could further lead to account takeover. Versions 14.89.0 and 15.51.0 fix the issue. There's no workaround to fix this without upgrading.

CVSS: HIGH (8.0)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
March 25th, 2025 (3 months ago)