CyberAlerts

CVE-2025-27812

MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.

Description: MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation.

CVSS: HIGH (8.1)

EPSS Score: 0.02%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-1073

Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the...

Description: Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device.

CVSS: HIGH (7.5)

EPSS Score: 0.02%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-27350

WordPress Vice Versa plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hugh Mungus Vice Versa allows Reflected XSS.This issue affects Vice Versa: from n/a through 2.2.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-23386

gerbera: Privilege escalation from user gerbera to root because of insecure %post script

Description: A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-32687

WordPress Review Stars Count For WooCommerce <= 2.0 - SQL Injection Vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0.

CVSS: HIGH (8.5)

EPSS Score: 0.03%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-32668

WordPress Real Estate Manager plugin <= 7.3 - Local File Inclusion vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager allows PHP Local File Inclusion. This issue affects Real Estate Manager: from n/a through 7.3.

CVSS: HIGH (8.1)

EPSS Score: 0.15%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-32160

WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON. This issue affects EventON: from n/a through 2.3.2.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-32158

WordPress aThemes Addons for Elementor plugin <= 1.0.15 - Local File Inclusion vulnerability

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in aThemes aThemes Addons for Elementor. This issue affects aThemes Addons for Elementor: from n/a through 1.0.15.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-32145

WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability

Description: Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE

April 10th, 2025 (11 days ago)

CVE-2025-32128

WordPress Nearby Locations Plugin <= 1.1.1 - SQL Injection vulnerability

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations allows SQL Injection. This issue affects Nearby Locations: from n/a through 1.1.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE

April 10th, 2025 (11 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: