CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48054 |
Description: Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts of the path argument to the set function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. This issue has been patched in version 12.5.1. A workaround for this issue involves sanitizing the path argument provided to the set function to ensure that no part of the path string is __proto__, prototype, or constructor.
CVSS: MEDIUM (6.8) EPSS Score: 0.56%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-48742 |
Description: The installer in SIGB PMB before 8.0.1.2 allows remote code execution.
CVSS: MEDIUM (5.4) EPSS Score: 0.1%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-48744 |
Description: In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.
CVSS: MEDIUM (6.4) EPSS Score: 0.15%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-48743 |
Description: SIGB PMB before 8.0.1.2 allows SQL injection.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-4683 |
Description: The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_blog function in all versions up to, and including, 4.17.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new posts.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-4682 |
Description: The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel widgets in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-33079 |
Description: IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-4783 |
Description: The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 27th, 2025 (23 days ago)
|
|
CVE-2025-5207 |
Description: A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument nickname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in SourceCodester Client Database Management System 1.0 entdeckt. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /superadmin_update_profile.php. Mittels dem Manipulieren des Arguments nickname/email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.7) EPSS Score: 0.03%
May 26th, 2025 (23 days ago)
|
|
CVE-2025-5206 |
Description: A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation of the argument site_description leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In Pixelimity 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /install/index.php der Komponente Installation. Durch Manipulation des Arguments site_description mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (4.7) EPSS Score: 0.03%
May 26th, 2025 (23 days ago)
|