CVE-2025-24184 |
Description: The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to cause unexpected system termination.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
CVE-2024-2045 |
Description: Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.
CVSS: MEDIUM (5.5) EPSS Score: 0.07% SSVC Exploitation: poc
May 19th, 2025 (about 1 month ago)
|
CVE-2024-1140 |
Description: Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.
CVSS: MEDIUM (6.1) EPSS Score: 0.02% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
CVE-2024-0788 |
Description: SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.
CVSS: MEDIUM (6.6) EPSS Score: 0.04% SSVC Exploitation: poc
May 19th, 2025 (about 1 month ago)
|
CVE-2025-4938 |
Description: A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registererms.php. The manipulation of the argument Email leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 19th, 2025 (about 1 month ago)
|
CVE-2025-3908 |
Description: The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
CVSS: MEDIUM (6.2) EPSS Score: 0.02% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
CVE-2024-33939 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauthenticated access to course progress. This issue affects Masteriyo - LMS: from n/a through 1.7.3.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 19th, 2025 (about 1 month ago)
|
CVE-2025-4936 |
Description: A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.9) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
CVE-2025-48346 |
Description: Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
CVE-2025-48344 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 19th, 2025 (about 1 month ago)
|