CVE-2025-30522 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design allows Stored XSS. This issue affects Contact Form 7 Material Design: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 24th, 2025 (3 months ago)
|
CVE-2024-8774 |
Description: The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator.
This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched.
CVSS: HIGH (7.7) EPSS Score: 0.04% SSVC Exploitation: none
March 24th, 2025 (3 months ago)
|
CVE-2024-8773 |
Description: The SIMPLE.ERP client is vulnerable to an MS SQL protocol downgrade request from the server side, which could lead to unencrypted communication vulnerable to data interception and modification.
This issue affects SIMPLE.ERP from 6.20 to 6.30. Only the 6.30 version received a patch [email protected], which makes it possible for an administrator to enforce encrypted communication. Versions 6.20 and 6.25 remain unpatched.
CVSS: HIGH (8.3) EPSS Score: 0.09% SSVC Exploitation: none
March 24th, 2025 (3 months ago)
|
CVE-2021-3842 |
Description:
Nessus Plugin ID 233286 with High Severity
Synopsis
The remote Ubuntu host is missing one or more security updates.
Description
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7365-1 advisory. It was discovered that NLTK contained a regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-3842, CVE-2021-43854)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected python-nltk and / or python3-nltk packages.
Read more at https://www.tenable.com/plugins/nessus/233286
CVSS: HIGH (7.5)
March 24th, 2025 (3 months ago)
|
CVE-2025-29795 |
Description: Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally.
CVSS: HIGH (7.8) EPSS Score: 0.04%
March 23rd, 2025 (3 months ago)
|
CVE-2025-2691 |
Description: Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.
CVSS: HIGH (8.8) EPSS Score: 0.04%
March 23rd, 2025 (3 months ago)
|
CVE-2024-45317 |
Description: A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.
CVSS: HIGH (7.5) EPSS Score: 0.05% SSVC Exploitation: none
March 22nd, 2025 (3 months ago)
|
CVE-2024-21175 |
Description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
CVSS: HIGH (7.5) EPSS Score: 0.12% SSVC Exploitation: none
March 22nd, 2025 (3 months ago)
|
CVE-2025-2186 |
Description: The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to SQL Injection via the ‘automationId’ parameter in all versions up to, and including, 3.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: HIGH (7.5) EPSS Score: 0.1%
March 22nd, 2025 (3 months ago)
|
CVE-2022-49737 |
Description:
Nessus Plugin ID 233208 with High Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0984-1 advisory.
- CVE-2022-49737: Fixed Xorg crashing when client applications use easystroke for mouse gestures (bsc#1239750)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Read more at https://www.tenable.com/plugins/nessus/233208
CVSS: HIGH (7.7)
March 22nd, 2025 (3 months ago)
|