CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5111 |
Description: A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in FreeFloat FTP Server 1.0 entdeckt. Betroffen davon ist ein unbekannter Prozess der Komponente TYPE Command Handler. Durch das Beeinflussen mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.05% SSVC Exploitation: poc
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-48292 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.
CVSS: HIGH (8.1) EPSS Score: 0.15%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-48286 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-48273 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.
CVSS: HIGH (7.5) EPSS Score: 0.06%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-48245 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form : from n/a through 8.2.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-48241 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-47690 |
Description: Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.
CVSS: HIGH (8.8) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-47680 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-47678 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|
|
CVE-2025-47673 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16.
CVSS: HIGH (7.1) EPSS Score: 0.04%
May 23rd, 2025 (21 days ago)
|