CVE-2025-0598 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Relations in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
March 17th, 2025 (4 months ago)
|
CVE-2025-0596 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting Bookmark Editor in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
March 17th, 2025 (4 months ago)
|
CVE-2025-0595 |
Description: A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in a user's browser session.
CVSS: HIGH (8.7) EPSS Score: 0.03%
March 17th, 2025 (4 months ago)
|
CVE-2024-54027 |
Description: A Use of Hard-coded Cryptographic Key vulnerability [CWE-321] in FortiSandbox version 4.4.6 and below, version 4.2.7 and below, version 4.0.5 and below, version 3.2.4 and below, version 3.1.5 and below, version 3.0.7 to 3.0.5 may allow a privileged attacker with super-admin profile and CLI access to read sensitive data via CLI.
CVSS: HIGH (7.8) EPSS Score: 0.02% SSVC Exploitation: none
March 17th, 2025 (4 months ago)
|
CVE-2025-2370 |
Description: A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been declared as critical. Affected by this vulnerability is the function setWiFiExtenderConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument apcliSsid leads to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.7) EPSS Score: 0.19%
March 17th, 2025 (4 months ago)
|
CVE-2024-12992 |
Description: Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6.
CVSS: HIGH (8.6) EPSS Score: 0.67%
March 17th, 2025 (4 months ago)
|
CVE-2024-12971 |
Description: Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection. This issue affects Pandora FMS from 700 to 777.6.
CVSS: HIGH (8.6) EPSS Score: 54.27%
March 17th, 2025 (4 months ago)
|
CVE-2025-2369 |
Description: A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112_B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to a stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.7) EPSS Score: 0.19%
March 17th, 2025 (4 months ago)
|
CVE-2024-7267 |
Description: Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows a logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6.
CVSS: HIGH (7.1) EPSS Score: 0.09% SSVC Exploitation: none
March 17th, 2025 (4 months ago)
|
CVE-2024-7265 |
Description: Incorrect User Management vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows a logged-in user to change the password of any user, including the root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
CVSS: HIGH (8.7) EPSS Score: 0.13% SSVC Exploitation: none
March 17th, 2025 (4 months ago)
|