CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-20246 |
Description: A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20242 |
Description: A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.
CVSS: MEDIUM (6.5) EPSS Score: 0.01%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20114 |
Description: A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system.
This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by submitting crafted API requests to an affected system to execute an insecure direct object reference attack. A successful exploit could allow the attacker to access specific data that is associated with different users on the affected system.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-20112 |
Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
CVSS: MEDIUM (5.1) EPSS Score: 0.01%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-48206 |
Description: The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-48204 |
Description: The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
CVSS: MEDIUM (6.8) EPSS Score: 0.32%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-48203 |
Description: The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
May 21st, 2025 (30 days ago)
|
|
CVE-2025-48202 |
Description: The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 21st, 2025 (30 days ago)
|
|
CVE-2024-28835 |
Description: A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
CVSS: MEDIUM (5.0) EPSS Score: 0.01% SSVC Exploitation: none
May 21st, 2025 (30 days ago)
|
|
CVE-2024-28834 |
Description: A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
CVSS: MEDIUM (5.3) EPSS Score: 1.14% SSVC Exploitation: none
May 21st, 2025 (30 days ago)
|