CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-31251.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
May 21st, 2025 (30 days ago)
|
CVE-2025-48012 |
Description: Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVSS: MEDIUM (4.8) EPSS Score: 0.05% SSVC Exploitation: none
May 21st, 2025 (30 days ago)
|
|
CVE-2025-48011 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass.This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVSS: MEDIUM (4.8) EPSS Score: 0.04% SSVC Exploitation: none
May 21st, 2025 (30 days ago)
|
|
CVE-2025-4415 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS).This issue affects Piwik PRO: from 0.0.0 before 1.3.2.
CVSS: MEDIUM (4.8) EPSS Score: 0.03% SSVC Exploitation: none
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20267 |
Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20258 |
Description: A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands into a portion of an email that is sent by the service. A successful exploit could allow the attacker to send emails that contain malicious content to unsuspecting users.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20257 |
Description: A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product.
Thi vulnerability is due to insufficient authorization enforcement on a specific API. An attacker could exploit this vulnerability by authenticating as a low-privileged user and performing API calls with crafted input. A successful exploit could allow the attacker to obfuscate legitimate findings in analytics reports or create false indications with alarms and alerts on an affected device.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20256 |
Description: A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.
This vulnerability is due to insufficient input validation in specific fields of the web-based management interface. An attacker with valid administrative credentials could exploit this vulnerability by sending crafted input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
CVSS: MEDIUM (6.5) EPSS Score: 0.06%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20255 |
Description: A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service.
This vulnerability is due to improper handling of malicious HTTP requests to the affected service. An attacker could exploit this vulnerability by manipulating stored HTTP responses within the service, also known as HTTP cache poisoning. A successful exploit could allow the attacker to cause the Webex Meetings service to return incorrect HTTP responses to clients.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20250 |
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
May 21st, 2025 (30 days ago)
|