CVE-2025-30205
Description: kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, faulty function instrumentation in the (optional) kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system log. This only impacts users who both use the provided patches and provision their `admin` or `idm_admin` account credentials this way. No other credentials are affected. Users should recompile kanidm with the newest patchset from tag `v1.2.0` or higher. As a workaround, the user can set the log level `KANIDM_LOG_LEVEL` to any level higher than `info`, for example `warn`.
CVSS: HIGH (7.6) EPSS Score: 0.03%
March 24th, 2025

CVE-2025-0255
Description: HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
CVSS: HIGH (7.2) EPSS Score: 0.16%
March 24th, 2025

CVE-2024-27356
Description: An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.
CVSS: HIGH (7.5) EPSS Score: 6.28% SSVC Exploitation: none
March 24th, 2025

CVE-2025-30621
Description: Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025

CVE-2025-30620
Description: Cross-Site Request Forgery (CSRF) vulnerability in coderscom WP Odoo Form Integrator allows Stored XSS. This issue affects WP Odoo Form Integrator: from n/a through 1.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025

CVE-2025-30612
Description: Cross-Site Request Forgery (CSRF) vulnerability in mandegarweb Replace Default Words allows Stored XSS. This issue affects Replace Default Words: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025

CVE-2025-30608
Description: Cross-Site Request Forgery (CSRF) vulnerability in Anthony WordPress SQL Backup allows Stored XSS. This issue affects WordPress SQL Backup: from n/a through 3.5.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025

CVE-2025-30604
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jiangqie JiangQie Official Website Mini Program allows Blind SQL Injection. This issue affects JiangQie Official Website Mini Program: from n/a through 1.8.2.
CVSS: HIGH (7.6) EPSS Score: 0.04%
March 24th, 2025

CVE-2025-30603
Description: Cross-Site Request Forgery (CSRF) vulnerability in DEJAN CopyLink allows Stored XSS. This issue affects CopyLink: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025

CVE-2025-30602
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alphasis Related Posts via Categories allows Stored XSS. This issue affects Related Posts via Categories: from n/a through 2.1.2.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 24th, 2025