CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-24602

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-24599

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-24598

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.

CVSS: HIGH (7.1)

EPSS Score: 0.05%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-23645

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-23058

Description: A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.

CVSS: HIGH (8.8)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-23023

Description: Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-22794

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Landoweb Programador World Cup Predictor allows Reflected XSS. This issue affects World Cup Predictor: from n/a through 1.9.6.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-22700

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Traveler Code. This issue affects Traveler Code: from n/a through 3.1.0.

CVSS: HIGH (8.5)

EPSS Score: 0.04%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-20890

Description: Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

CVSS: HIGH (7.0)

EPSS Score: 0.05%

Source: CVE
February 5th, 2025 (5 months ago)

CVE-2025-20888

Description: Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

CVSS: HIGH (7.0)

EPSS Score: 0.05%

Source: CVE
February 5th, 2025 (5 months ago)