CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-49164 |
Description: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 3rd, 2025 (13 days ago)
|
|
CVE-2025-49163 |
Description: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
CVSS: MEDIUM (6.7) EPSS Score: 0.02%
June 3rd, 2025 (13 days ago)
|
|
CVE-2025-49162 |
Description: Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
CVSS: MEDIUM (6.4) EPSS Score: 0.02%
June 3rd, 2025 (13 days ago)
|
|
CVE-2025-3919 |
Description: The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 2nd, 2025 (13 days ago)
|
|
Description: This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2025-37090.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
June 2nd, 2025 (13 days ago)
|
|
|
Description: This vulnerability allows remote attackers to delete arbitrary files on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2025-37094.
CVSS: MEDIUM (5.5) EPSS Score: 0.84%
June 2nd, 2025 (13 days ago)
|
|
|
Description: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise StoreOnce VSA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 4.9. The following CVEs are assigned: CVE-2025-37095.
CVSS: MEDIUM (5.9) EPSS Score: 0.25%
June 2nd, 2025 (13 days ago)
|
|
CVE-2025-48996 |
Description: HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 2nd, 2025 (13 days ago)
|
|
CVE-2025-47585 |
Description: Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
June 2nd, 2025 (13 days ago)
|
|
CVE-2024-0960 |
Description: A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability. In flink-extended ai-flow 0.3.1 wurde eine kritische Schwachstelle ausgemacht. Es geht um die Funktion cloudpickle.loads der Datei \ai_flow\cli\commands\workflow_command.py. Durch Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.0) EPSS Score: 0.05% SSVC Exploitation: none
June 2nd, 2025 (13 days ago)
|