CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26530 |
Description: The question bank filter required additional sanitizing to prevent a reflected XSS risk.
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-26529 |
Description: Description information displayed in the site administration live log
required additional sanitizing to prevent a stored XSS risk.
CVSS: HIGH (8.3) EPSS Score: 0.05%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-26525 |
Description: Insufficient sanitizing in the TeX notation filter resulted in an
arbitrary file read risk on sites where pdfTeX is available (such as
those with TeX Live installed).
CVSS: HIGH (8.6) EPSS Score: 0.05%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-27091 |
Description: OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0.
In other words:
if you rely on our source feature only, >=0.6.6 should be safe,
if you rely on libloading, you must upgrade to 0.8.0 and use their latest DLL >=2.6.0.
Users handling untrusted video files should update immediately.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-27091
https://github.com/cisco/openh264/pull/3818
https://github.com/ralfbiedert/openh264-rs/commit/3a822fff0b4c9a984622ca2b179fe8898ac54b14
https://rustsec.org/advisories/RUSTSEC-2025-0008.html
https://github.com/advisories/GHSA-5pmw-9j92-3c4c
CVSS: HIGH (8.6) EPSS Score: 0.13%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-26200 |
Description: SQL injection in SLIMS v.9.6.1 allows a remote attacker to escalate privileges via the month parameter in the visitor_report_day.php component.
CVSS: HIGH (7.2) EPSS Score: 0.09% SSVC Exploitation: poc
February 24th, 2025 (5 months ago)
|
|
CVE-2025-22495 |
Description: An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4.
Note - Network-M2 has been declared end-of-life in early 2024 and Network-M3 has been released as a fit-and-functional replacement.
CVSS: HIGH (8.4) EPSS Score: 0.06%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-27355 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Nicolas GRILLET Woocommerce – Loi Hamon allows Stored XSS. This issue affects Woocommerce – Loi Hamon: from n/a through 1.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-27352 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wumii team 无觅相关文章插件 allows Stored XSS. This issue affects 无觅相关文章插件: from n/a through 1.0.5.7.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-27332 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through 1.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-27321 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Blighty Blightly Explorer allows Stored XSS. This issue affects Blightly Explorer: from n/a through 2.3.0.
CVSS: HIGH (7.1) EPSS Score: 0.02%
February 24th, 2025 (5 months ago)
|