CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-12917 |
Description: Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue affects Health4All: before 10.01.2025.
CVSS: HIGH (8.3) EPSS Score: 0.06%
February 24th, 2025 (5 months ago)
|
|
CVE-2024-12916 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.This issue affects Life4All: before 10.01.2025.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 24th, 2025 (5 months ago)
|
|
CVE-2024-20953 |
Description: Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
CVSS: HIGH (8.8) EPSS Score: 4.2%
February 24th, 2025 (5 months ago)
|
|
CVE-2024-55898 |
Description: IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege.
CVSS: HIGH (8.5) EPSS Score: 0.05%
February 24th, 2025 (5 months ago)
|
|
CVE-2025-22635 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jyothis Joy Eventer allows Reflected XSS. This issue affects Eventer: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 23rd, 2025 (5 months ago)
|
|
CVE-2025-22632 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in totalsoft WooCommerce Pricing – Product Pricing allows Stored XSS. This issue affects WooCommerce Pricing – Product Pricing: from n/a through 1.0.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 23rd, 2025 (5 months ago)
|
|
CVE-2025-22631 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vbout Marketing Automation allows Reflected XSS. This issue affects Marketing Automation: from n/a through 1.2.6.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 23rd, 2025 (5 months ago)
|
|
CVE-2025-27012 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1.
CVSS: HIGH (8.8) EPSS Score: 0.02%
February 22nd, 2025 (5 months ago)
|
|
CVE-2025-26774 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Solid Responsive Modal Builder for High Conversion – Easy Popups allows Reflected XSS. This issue affects Responsive Modal Builder for High Conversion – Easy Popups: from n/a through 1.5.0.
CVSS: HIGH (7.1) EPSS Score: 0.03%
February 22nd, 2025 (5 months ago)
|
|
CVE-2025-26760 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Wow-Company Calculator Builder allows PHP Local File Inclusion. This issue affects Calculator Builder: from n/a through 1.6.2.
CVSS: HIGH (7.5) EPSS Score: 0.08%
February 22nd, 2025 (5 months ago)
|