CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-39373 |
Description: Missing Authorization vulnerability in jegtheme JNews.This issue affects JNews: from n/a through 11.6.5.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39371 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Author Box Plugin With Different Description allows Cross Site Request Forgery.This issue affects Author Box Plugin With Different Description: from n/a through 1.3.5.
CVSS: MEDIUM (4.3) EPSS Score: 0.02% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39369 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sihibbs Posts for Page allows DOM-Based XSS.This issue affects Posts for Page: from n/a through 2.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39368 |
Description: Missing Authorization vulnerability in ed4becky Rootspersona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rootspersona: from n/a through 3.7.5.
CVSS: MEDIUM (5.3) EPSS Score: 0.04% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39353 |
Description: Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grand Restaurant WordPress: from n/a through 7.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-39351 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Restaurant WordPress allows Cross Site Request Forgery.This issue affects Grand Restaurant WordPress: from n/a through 7.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.02% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-32920 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Stored XSS.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-26920 |
Description: Missing Authorization vulnerability in PressMaximum Customify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customify: from n/a through 0.4.8.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-26867 |
Description: Missing Authorization vulnerability in Themes4WP Bulk allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bulk: from n/a through 1.0.11.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-24184 |
Description: The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|