CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-46527

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-46518

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-46493

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-46486

Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7.

CVSS: MEDIUM (4.9)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-41380

Description: Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.

CVSS: MEDIUM (6.1)

EPSS Score: 0.02%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-41379

Description: The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule: the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults.

CVSS: MEDIUM (6.3)

EPSS Score: 0.09%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-41378

Description: The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.

CVSS: MEDIUM (6.9)

EPSS Score: 0.07%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2024-7803

Description: An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (27 days ago)

Description: Cybersecurity researchers have disclosed that a threat actor codenamed ViciousTrap has compromised nearly 5,300 unique network edge devices across 84 countries and turned them into a honeypot-like network. The threat actor has been observed exploiting a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers (CVE-2023-20118) to corral them into

CVSS: MEDIUM (6.5)

Source: TheHackerNews
May 23rd, 2025 (27 days ago)

CVE-2025-5106

Description: A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/fax_view.php of the component Filename Handler. The manipulation of the argument fax_file leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (6.9)

EPSS Score: 2.14%

Source: CVE
May 23rd, 2025 (27 days ago)