CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-4336 |
Description: The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials.
CVSS: HIGH (8.1) EPSS Score: 0.2%
May 24th, 2025 (20 days ago)
|
|
CVE-2024-22309 |
Description: Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVSS: HIGH (8.7) EPSS Score: 0.22% SSVC Exploitation: none
May 23rd, 2025 (21 days ago)
|
|
CVE-2024-22305 |
Description: Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms.This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.
CVSS: HIGH (7.5) EPSS Score: 0.07% SSVC Exploitation: none
May 23rd, 2025 (21 days ago)
|
|
CVE-2024-22283 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier.This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.
CVSS: HIGH (8.5) EPSS Score: 0.12% SSVC Exploitation: none
May 23rd, 2025 (21 days ago)
|
|
CVE-2024-22152 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.
CVSS: HIGH (8.0) EPSS Score: 0.16% SSVC Exploitation: none
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-43860 |
Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the (1) Text Box fields of Address, Address Line 2, Postal Code and City fields and (2) Drop Down menu options of Address Use, State and Country of the Additional Addresses section of the Contact tab in Patient Demographics. The injected script can execute in two scenarios: (1) dynamically during form input, and (2) when the form data is later loaded for editing. Version 7.0.3.4 contains a patch for the issue.
CVSS: HIGH (7.6) EPSS Score: 0.03% SSVC Exploitation: poc
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-32794 |
Description: OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to inject arbitrary JavaScript code into the system by entering malicious payloads in the First and Last Name fields during patient registration. This code is later executed when viewing the patient's encounter under Orders → Procedure Orders. Version 7.0.3.4 contains a patch for the issue.
CVSS: HIGH (7.6) EPSS Score: 0.03%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-24917 |
Description: In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.
CVSS: HIGH (7.8) EPSS Score: 0.01%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-24916 |
Description: When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location.
CVSS: HIGH (7.0) EPSS Score: 0.01%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-5112 |
Description: A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in FreeFloat FTP Server 1.0 gefunden. Betroffen hiervon ist ein unbekannter Ablauf der Komponente MGET Command Handler. Durch Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.05% SSVC Exploitation: poc
May 23rd, 2025 (21 days ago)
|