Threat and Vulnerability Intelligence Database

CVE-2025-1539

Description: A vulnerability, which was classified as critical, has been found in D-Link DAP-1320 1.00. Affected by this issue is the function replace_special_char of the file /storagein.pd-XXXXXX. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: HIGH (8.7)

EPSS Score: 0.08%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-1538

Description: A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: HIGH (8.7)

EPSS Score: 0.12%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-24989

Description: Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network, potentially bypassing the user registration control.

CVSS: HIGH (8.2)

EPSS Score: 25.72%

Source: CISA KEV
February 21st, 2025 (5 months ago)

CVE-2025-26794

Description: Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.

CVSS: HIGH (7.5)

EPSS Score: 22.78%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-9150

Description: Report generation functionality in Wyn Enterprise allows code inclusion but does not sufficiently limit what code may be included. An attacker can use a low-privileged account to abuse this functionality to execute malicious code, load DLL libraries and execute OS commands on the host system with the application's high privileges. This issue has been fixed in version 8.0.00204.0.

CVSS: HIGH (8.7)

EPSS Score: 0.05%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-1471

Description: In Eclipse OMR versions 0.2.0 to 0.4.0, some of the z/OS atoe print functions use a constant-length buffer for string conversion. If the input format string and arguments are larger than the buffer size, a buffer overflow occurs. Beginning in version 0.5.0, the conversion buffers are sized correctly and checked appropriately to prevent buffer overflows.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-13353

Description: The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.4 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

CVSS: HIGH (8.8)

EPSS Score: 0.14%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-0726

Description: In the NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.2, an attacker can cause a denial of service with specially crafted packets. The core issue is that a file is not closed when an error condition occurs, which results in a 404 error for each further file request. Users can work around the issue by disabling PUT request support.

CVSS: HIGH (7.1)

EPSS Score: 0.03%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-23209

Description: A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the

CVSS: HIGH (8.1)

Source: TheHackerNews
February 21st, 2025 (5 months ago)

CVE-2024-11260

Description: The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the active_status parameter in all versions up to, and including, 6.6.3 due to insufficient escaping of the user-supplied parameter and lack of sufficient preparation of the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries to already existing queries, which can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
February 21st, 2025 (5 months ago)