CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-3908 |
Description: The configuration initialization tool in OpenVPN 3 Linux v20 through v24 on Linux allows a local attacker to use symlinks pointing at an arbitrary directory which will change the ownership and permissions of that destination directory.
CVSS: MEDIUM (6.2) EPSS Score: 0.02% SSVC Exploitation: none
May 19th, 2025 (about 1 month ago)
|
|
CVE-2024-33939 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-4936 |
Description: A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in projectworlds Online Food Ordering System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /admin-page.php. Mit der Manipulation des Arguments 1_price mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48346 |
Description: Missing Authorization vulnerability in Etsy360 Embed and Integrate Etsy Shop allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embed and Integrate Etsy Shop: from n/a through 1.0.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48344 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ed4becky Rootspersona allows Cross Site Request Forgery. This issue affects Rootspersona: from n/a through 3.7.5.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48342 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in RedefiningTheWeb Dynamic Pricing & Discounts Lite for WooCommerce allows Cross Site Request Forgery. This issue affects Dynamic Pricing & Discounts Lite for WooCommerce: from n/a through 2.0.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48341 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Form Maker by 10Web allows Stored XSS. This issue affects Form Maker by 10Web: from n/a through 1.15.33.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48288 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Element Invader ElementInvader Addons for Elementor allows Stored XSS. This issue affects ElementInvader Addons for Elementor: from n/a through 1.3.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48285 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 19th, 2025 (about 1 month ago)
|
|
CVE-2025-48284 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in shohei.tanaka Japanized For WooCommerce allows Cross Site Request Forgery. This issue affects Japanized For WooCommerce: from n/a through 2.6.40.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 19th, 2025 (about 1 month ago)
|