CVE-2025-2394 |
Description: Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
CVSS: MEDIUM (4.7) EPSS Score: 0.02% SSVC Exploitation: none
May 23rd, 2025 (27 days ago)
|
CVE-2025-5109 |
Description: A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component STATUS Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
May 23rd, 2025 (27 days ago)
|
CVE-2025-5108 |
Description: A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 23rd, 2025 (27 days ago)
|
CVE-2025-5107 |
Description: A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
May 23rd, 2025 (27 days ago)
|
CVE-2025-48275 |
Description: Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
May 23rd, 2025 (27 days ago)
|
CVE-2025-48271 |
Description: Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
May 23rd, 2025 (27 days ago)
|
CVE-2025-47619 |
Description: Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 23rd, 2025 (27 days ago)
|
CVE-2025-47529 |
Description: Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin: from n/a through 1.1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
May 23rd, 2025 (27 days ago)
|
CVE-2025-47513 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through 2.4.0.
CVSS: MEDIUM (4.9) EPSS Score: 0.05%
May 23rd, 2025 (27 days ago)
|
CVE-2025-46527 |
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
May 23rd, 2025 (27 days ago)
|