CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-43835 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ktsvetkov allows Cross Site Request Forgery.This issue affects wp-cyr-cho: from n/a through 0.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-43834 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tox82 cookieBAR allows Stored XSS.This issue affects cookieBAR: from n/a through 1.7.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39460 |
Description: Missing Authorization vulnerability in ThimPress Eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through 5.6.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39454 |
Description: Missing Authorization vulnerability in Jeroen Peters Name Directory.This issue affects Name Directory: from n/a through 1.30.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39450 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetTabs allows DOM-Based XSS.This issue affects JetTabs: from n/a through 2.2.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39448 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor allows Stored XSS.This issue affects JetElements For Elementor: from n/a through 2.7.4.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39412 |
Description: Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39398 |
Description: Missing Authorization vulnerability in Themovation Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue.This issue affects Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue: from n/a through 4.2.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-22287 |
Description: Missing Authorization vulnerability in Eniture Technology LTL Freight Quotes – FreightQuote Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2024-6533 |
Description: Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.
CVSS: MEDIUM (5.4) EPSS Score: 0.02% SSVC Exploitation: poc
May 19th, 2025 (about 1 month ago)
|