CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27334 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ángel C. Simple Google Static Map allows DOM-Based XSS. This issue affects Simple Google Static Map: from n/a through 1.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-26593 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook allows Cross Site Request Forgery. This issue affects FastBook: from n/a through 1.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-24778 |
Description: Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-24776 |
Description: Missing Authorization vulnerability in codelobster Responsive Flipbooks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Responsive Flipbooks: from n/a through 1.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-24772 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-24763 |
Description: Missing Authorization vulnerability in Pascal Casier bbPress API allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects bbPress API: from n/a through 1.0.14.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-24762 |
Description: Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TicketBAI Facturas para WooCommerce: from n/a through 3.19.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-23971 |
Description: Missing Authorization vulnerability in whassan KI Live Video Conferences allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-23969 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in whassan KI Live Video Conferences allows Retrieve Embedded Sensitive Data. This issue affects KI Live Video Conferences: from n/a through 5.5.15.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (27 days ago)
|
|
CVE-2025-5761 |
Description: A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul BP Monitoring Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /edit-family-member.php. Durch die Manipulation des Arguments memberage mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
June 6th, 2025 (27 days ago)
|