CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-2396

Description: The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS: HIGH (8.8)

EPSS Score: 0.21%

Source: CVE
March 17th, 2025 (4 months ago)

CVE-2025-1724

Description: Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.

CVSS: HIGH (7.4)

EPSS Score: 0.28%

Source: CVE
March 17th, 2025 (4 months ago)

CVE-2025-2343

Description: A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (7.7)

EPSS Score: 0.03%

Source: CVE
March 16th, 2025 (4 months ago)

CVE-2025-30076

Description: Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter.

CVSS: HIGH (7.7)

EPSS Score: 0.03%

Source: CVE
March 16th, 2025 (4 months ago)

CVE-2025-27281

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in cookforweb All In Menu allows Blind SQL Injection. This issue affects All In Menu: from n/a through 1.1.5.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26978

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound FS Poster. This issue affects FS Poster: from n/a through 6.5.8.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26976

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.4.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26972

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26969

Description: Missing Authorization vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.

CVSS: HIGH (8.3)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26961

Description: Missing Authorization vulnerability in NotFound Fresh Framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through 1.70.0.

CVSS: HIGH (8.6)

EPSS Score: 0.05%

Source: CVE
March 15th, 2025 (4 months ago)