Threat and Vulnerability Intelligence Database

CVE-2025-0161

Description: IBM Security Verify Access Appliance 10.0.0.0 through 10.0.0.9 and 11.0.0.0 could allow a local user to execute arbitrary code due to improper restrictions on code generation.

CVSS: HIGH (7.8)

EPSS Score: 0.02%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-49781

Description: IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

CVSS: HIGH (7.1)

EPSS Score: 0.18%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-46933

Description: An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access.

CVSS: HIGH (7.7)

EPSS Score: 0.05%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-13888

Description: The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

CVSS: HIGH (7.2)

EPSS Score: 0.26%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-13792

Description: The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: HIGH (7.3)

EPSS Score: 0.12%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-13753

Description: The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify a victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link.

CVSS: HIGH (8.1)

EPSS Score: 0.02%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2024-13476

Description: The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: HIGH (7.5)

EPSS Score: 0.08%

Source: CVE
February 21st, 2025 (5 months ago)

CVE-2025-1293

Description: Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1293
https://discuss.hashicorp.com/t/hcsec-2025-03-hashicorp-hermes-improperly-validates-aws-alb-jwts-which-may-lead-to-authentication-bypass/73371
https://github.com/hashicorp-forge/hermes/commit/e36d479616099bd0c8dfde6786ea671f112d9106
https://github.com/advisories/GHSA-vxm9-8mfw-vc6g

CVSS: HIGH (8.2)

EPSS Score: 0.02%

Source: Github Advisory Database (Go)
February 20th, 2025 (5 months ago)

CVE-2025-27091

Description: CVE-2025-27091: OpenH264 Decoding Functions Heap Overflow Vulnerability

CVSS: HIGH (8.6)

EPSS Score: 0.13%

Source: DarkWebInformer
February 20th, 2025 (5 months ago)

CVE-2025-23209

Description: Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys.

CVSS: HIGH (8.1)

EPSS Score: 0.05%

Source: CISA KEV
February 20th, 2025 (5 months ago)