CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0360 |
Description: During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.
CVSS: HIGH (7.8) EPSS Score: 0.01%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-0359 |
Description: During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework.
Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVSS: HIGH (8.5) EPSS Score: 0.02%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-1306 |
Description: The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: HIGH (8.8) EPSS Score: 0.1%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-43093 |
Description: Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild.
The two high-severity vulnerabilities are listed below -
CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb,"
CVSS: HIGH (7.8)
March 4th, 2025 (4 months ago)
|
|
CVE-2025-1639 |
Description: The Animation Addons for Elementor Pro plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_elementor_plugin_handler() function in all versions up to, and including, 1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install and activate arbitrary plugins which can be leveraged to further infect a victim when Elementor is not activated on a vulnerable site.
CVSS: HIGH (8.8) EPSS Score: 1.5%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-1899 |
Description: A vulnerability has been found in Tenda TX3 16.03.13.11_multi and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In Tenda TX3 16.03.13.11_multi wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /goform/setPptpUserList. Durch das Beeinflussen des Arguments list mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.1) EPSS Score: 0.06%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-1898 |
Description: A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11_multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in Tenda TX3 16.03.13.11_multi gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /goform/openSchedWifi. Durch Manipulieren des Arguments schedStartTime/schedEndTime mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.1) EPSS Score: 0.06%
March 4th, 2025 (4 months ago)
|
|
CVE-2025-1895 |
Description: A vulnerability classified as critical has been found in Tenda TX3 16.03.13.11_multi. This affects an unknown part of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in Tenda TX3 16.03.13.11_multi entdeckt. Sie wurde als kritisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /goform/setMacFilterCfg. Mittels dem Manipulieren des Arguments deviceList mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.1) EPSS Score: 0.06%
March 4th, 2025 (4 months ago)
|
|
CVE-2024-51962 |
Description: A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify Column properties allowing for the execution of a SQL Injection by a remote authenticated user with elevated (non admin) privileges. There is a high impact to integrity and confidentiality and no impact to availability.
CVSS: HIGH (8.7) EPSS Score: 0.05% SSVC Exploitation: none
March 3rd, 2025 (4 months ago)
|
|
CVE-2024-51961 |
Description: There is a local file inclusion vulnerability in ArcGIS Server 10.9.1 thru 11.3 that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.
CVSS: HIGH (7.5) EPSS Score: 0.05% SSVC Exploitation: none
March 3rd, 2025 (4 months ago)
|