Threat and Vulnerability Intelligence Database

CVE-2025-26755

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2025-22680

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Ad Inserter Pro allows Reflected XSS. This issue affects Ad Inserter Pro: from n/a through 2.7.39.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2025-22286

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.21.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2025-22284

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Unishippers Edition: from n/a through 2.5.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2025-1353

Description: A vulnerability was found in Kong Insomnia up to 10.3.0 and classified as critical. This issue affects some unknown processing in the library profapi.dll. The manipulation leads to untrusted search path. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2025-1340

Description: A vulnerability classified as critical has been found in TOTOLINK X18 9.1.0cu.2024_B20220329. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation as part of String leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (8.7)

EPSS Score: 0.11%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2025-0591

Description: Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2024-44044

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Oshine Modules allows Reflected XSS. This issue affects Oshine Modules: from n/a through n/a.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2024-0532

Description: A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function set_repeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g/wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: HIGH (8.6)

EPSS Score: 0.78%

Source: CVE
February 17th, 2025 (5 months ago)

CVE-2024-5461

Description: Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. An authenticated attacker could perform command or parameter injection on SNMP operations that are only enabled on the Brocade 6547 (FC5022) embedded switch. This injection could allow the authenticated attacker to issue commands as Root.

CVSS: HIGH (8.6)

EPSS Score: 0.04%

Source: CVE
February 16th, 2025 (5 months ago)