CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-26921

Description: Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager allows Object Injection. This issue affects Booking and Rental Manager: from n/a through 2.2.6.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26886

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Authors allows SQL Injection. This issue affects PublishPress Authors: from n/a through 4.7.3.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26556

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS allows Reflected XSS. This issue affects WP AntiDDOS: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26555

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Debug-Bar-Extender allows Reflected XSS. This issue affects Debug-Bar-Extender: from n/a through 0.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26554

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Discord Post allows Reflected XSS. This issue affects WP Discord Post: from n/a through 2.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26553

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spring Devs Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin allows Reflected XSS. This issue affects Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin: from n/a through 2.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-26548

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Random Image Selector allows Reflected XSS. This issue affects Random Image Selector: from n/a through 2.4.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

CVE-2025-23744

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dvs11 Random Posts, Mp3 Player + ShareButton allows Reflected XSS. This issue affects Random Posts, Mp3 Player + ShareButton: from n/a through 1.4.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 15th, 2025 (4 months ago)

Description: tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were not originally affected, but were modified by a threat actor to point at commit 0e58ed8, which contains the malicious updateFeatures code.)

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-30066
https://github.com/tj-actions/changed-files/issues/2463
https://github.com/github/docs/blob/962a1c8dccb8c0f66548b324e5b921b5e4fbc3d6/content/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions.md?plain=1#L191-L193
https://news.ycombinator.com/item?id=43368870
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
https://github.com/chains-project/maven-lockfile/pull/1111
https://github.com/rackerlabs/genestack/pull/903
https://news.ycombinator.com/item?id=43367987
https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463
https://github.com/advisories/GHSA-mrrh-fwg8-r2c3

CVSS: HIGH (8.6)

EPSS Score: 63.87%

Source: Github Advisory Database (Actions)
March 15th, 2025 (4 months ago)

CVE-2024-31324

Description: In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
March 15th, 2025 (4 months ago)