CVE-2025-31064 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon - Business Consulting: from n/a through 1.1.7.
CVSS: HIGH (8.1) EPSS Score: 0.15%
May 23rd, 2025 (23 days ago)
|
CVE-2025-31060 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40.
CVSS: HIGH (8.1) EPSS Score: 0.15%
May 23rd, 2025 (23 days ago)
|
CVE-2025-31053 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8.
CVSS: HIGH (7.7) EPSS Score: 0.05%
May 23rd, 2025 (23 days ago)
|
CVE-2025-1123 |
Description: The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: HIGH (7.2) EPSS Score: 0.07% SSVC Exploitation: none
May 23rd, 2025 (23 days ago)
|
CVE-2025-5105 |
Description: A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: HIGH (7.3) EPSS Score: 0.06%
May 23rd, 2025 (23 days ago)
|
CVE-2025-41407 |
Description: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
CVSS: HIGH (8.3) EPSS Score: 0.03%
May 23rd, 2025 (23 days ago)
|
CVE-2025-3893 |
Description: While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability.
Version 5.20 of MegaBIP fixes this issue.
CVSS: HIGH (8.6) EPSS Score: 0.03%
May 23rd, 2025 (23 days ago)
|
CVE-2025-36527 |
Description: Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
CVSS: HIGH (8.3) EPSS Score: 0.03%
May 23rd, 2025 (23 days ago)
|
CVE-2024-13945 |
Description: Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data if administrator credentials become compromised.
This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVSS: HIGH (8.4) EPSS Score: 0.06%
May 23rd, 2025 (23 days ago)
|
CVE-2025-5100 |
Description: A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
CVSS: HIGH (8.0) EPSS Score: 0.02%
May 23rd, 2025 (23 days ago)
|