CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-26932

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QuantumCloud ChatBot allows PHP Local File Inclusion. This issue affects ChatBot: from n/a through 6.3.5.

CVSS: HIGH (7.5)

EPSS Score: 0.12%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26931

Description: Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Tribulant Gallery Voting allows Stored XSS. This issue affects Tribulant Gallery Voting: from n/a through 1.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26915

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist allows SQL Injection. This issue affects Wishlist: from n/a through 1.0.41.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26907

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Mortgage Calculator Estatik allows Stored XSS. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26905

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik allows PHP Local File Inclusion. This issue affects Estatik: from n/a through 4.1.9.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26868

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fastflow Fast Flow allows Reflected XSS. This issue affects Fast Flow: from n/a through 1.2.16.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26753

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.

CVSS: HIGH (7.5)

EPSS Score: 0.06%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26752

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in videowhisper VideoWhisper Live Streaming Integration allows Path Traversal. This issue affects VideoWhisper Live Streaming Integration: from n/a through 6.2.

CVSS: HIGH (8.6)

EPSS Score: 0.07%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-26751

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Alphabetic Pagination allows Reflected XSS. This issue affects Alphabetic Pagination: from n/a through 3.2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 25th, 2025 (5 months ago)

CVE-2025-1094

Description: Nessus Plugin ID 216713 with High Severity Synopsis The remote SUSE host is missing a security update. Description The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:0655-1 advisory. Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).Tenable has extracted the preceding description block directly from the SUSE security advisory.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution Update the affected libecpg6, libecpg6-32bit, libpq5 and / or libpq5-32bit packages. Read more at https://www.tenable.com/plugins/nessus/216713

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: Tenable Plugins
February 25th, 2025 (5 months ago)