Threat and Vulnerability Intelligence Database

CVE-2022-43939

Description: Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.

CVSS: HIGH (8.6)

Source: CISA KEV
March 3rd, 2025 (4 months ago)

CVE-2022-43769

Description: Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.

CVSS: HIGH (8.8)

Source: CISA KEV
March 3rd, 2025 (4 months ago)

CVE-2018-8639

Description: Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

CVSS: HIGH (7.8)

Source: CISA KEV
March 3rd, 2025 (4 months ago)

CVE-2025-27279

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Flashfader allows Reflected XSS. This issue affects Flashfader: from n/a through 1.1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27278

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound AcuGIS Leaflet Maps allows Reflected XSS. This issue affects AcuGIS Leaflet Maps: from n/a through 5.1.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27275

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in andrew_fisher WOO Codice Fiscale allows Reflected XSS. This issue affects WOO Codice Fiscale: from n/a through 1.6.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27271

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound DB Tables Import/Export allows Reflected XSS. This issue affects DB Tables Import/Export: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27269

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound .htaccess Login block allows Reflected XSS. This issue affects .htaccess Login block: from n/a through 0.9a.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27264

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Doctor Appointment Booking allows PHP Local File Inclusion. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.

CVSS: HIGH (7.5)

EPSS Score: 0.12%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27263

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Doctor Appointment Booking allows SQL Injection. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)