CyberAlerts

CVE-2024-38866

Livestatus Injection in dynmaps

Description: Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-5232

PHPGurukul Student Study Center Management System report.php sql injection

Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Student Study Center Management System 1.0. This issue affects some unknown processing of the file /admin/report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Student Study Center Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /admin/report.php. Durch Beeinflussen des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.1)

EPSS Score: 0.03%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-5231

PHPGurukul Company Visitor Management System forgot-password.php sql injection

Description: A vulnerability classified as critical was found in PHPGurukul Company Visitor Management System 1.0. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Company Visitor Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei /forgot-password.php. Durch das Beeinflussen des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-48054

Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Description: Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. This issue has been patched in version 12.5.1. A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor.

CVSS: MEDIUM (6.8)

EPSS Score: 0.56%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-48742

The installer in SIGB PMB before 8.0.1.2 allows remote code execution.

Description: The installer in SIGB PMB before 8.0.1.2 allows remote code execution.

CVSS: MEDIUM (5.4)

EPSS Score: 0.1%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-48744

In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

Description: In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.

CVSS: MEDIUM (6.4)

EPSS Score: 0.15%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-48743

SIGB PMB before 8.0.1.2 allows SQL injection.

Description: SIGB PMB before 8.0.1.2 allows SQL injection.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-4683

MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation

Description: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new posts.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-4682

Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slid...

Description: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE

May 27th, 2025 (23 days ago)

CVE-2025-33079

IBM Controller information disclosure

Description: IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

May 27th, 2025 (23 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-38866	Livestatus Injection in dynmaps Description: Improper neutralization of input in Nagvis before version 1.9.47 which can lead to livestatus injection CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-5232	PHPGurukul Student Study Center Management System report.php sql injection Description: A vulnerability, which was classified as critical, has been found in PHPGurukul Student Study Center Management System 1.0. This issue affects some unknown processing of the file /admin/report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul Student Study Center Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /admin/report.php. Durch Beeinflussen des Arguments fromdate/todate mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.1) EPSS Score: 0.03% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-5231	PHPGurukul Company Visitor Management System forgot-password.php sql injection Description: A vulnerability classified as critical was found in PHPGurukul Company Visitor Management System 1.0. This vulnerability affects unknown code of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Company Visitor Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um eine nicht näher bekannte Funktion der Datei /forgot-password.php. Durch das Beeinflussen des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.9) EPSS Score: 0.03% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-48054	Radashi Vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Description: Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. This issue has been patched in version 12.5.1. A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor. CVSS: MEDIUM (6.8) EPSS Score: 0.56% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-48742	The installer in SIGB PMB before 8.0.1.2 allows remote code execution. Description: The installer in SIGB PMB before 8.0.1.2 allows remote code execution. CVSS: MEDIUM (5.4) EPSS Score: 0.1% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-48744	In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. Description: In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution. CVSS: MEDIUM (6.4) EPSS Score: 0.15% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-48743	SIGB PMB before 8.0.1.2 allows SQL injection. Description: SIGB PMB before 8.0.1.2 allows SQL injection. CVSS: MEDIUM (5.3) EPSS Score: 0.05% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-4683	MStore API – Create Native Android & iOS Apps On The Cloud <= 4.17.5 - Missing Authorization to Authenticated (Subscriber+) Posts Creation Description: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new posts. CVSS: MEDIUM (4.3) EPSS Score: 0.03% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-4682	Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slid... Description: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVSS: MEDIUM (6.4) EPSS Score: 0.03% Source: CVE May 27th, 2025 (23 days ago)
CVE-2025-33079	IBM Controller information disclosure Description: IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. CVSS: MEDIUM (6.5) EPSS Score: 0.03% Source: CVE May 27th, 2025 (23 days ago)