CVE-2024-8654 |
Description: MongoDB Server may access a non-initialized region of memory, leading to unexpected behaviour when zero arguments are called in an internal aggregation stage. This issue affected MongoDB Server v6.0 version 6.0.3.
CVSS: MEDIUM (5.0) EPSS Score: 0.11% SSVC Exploitation: none
May 17th, 2025 (about 1 month ago)
|
CVE-2024-8207 |
Description: In certain highly specific configurations of the host system and MongoDB server binary installation on Linux operating systems, it may be possible for an unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.
Required Configuration: Only environments with Linux as the underlying operating system are affected by this issue.
CVSS: MEDIUM (6.4) EPSS Score: 0.02% SSVC Exploitation: none
May 17th, 2025 (about 1 month ago)
|
CVE-2024-40120 |
Description: seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-40120
https://github.com/seaweedfs/seaweedfs/issues/5710
https://gist.github.com/sud0why/1b2115c1d644bd3db1c1b3f16684a78c
https://github.com/seaweedfs/seaweedfs/commit/9ac1023362000f6e8e58c9d278653f5926a0d90e
https://github.com/seaweedfs/seaweedfs/releases/tag/3.69
https://github.com/advisories/GHSA-q97m-8853-pq76
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4808 |
Description: A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0 and classified as critical. This issue affects some unknown processing of the file /add-normal-ticket.php. The manipulation of the argument noadult leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4805 |
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS. This vulnerability requires an authenticated administrator session to a locally managed Firebox.
This issue affects Fireware OS: from 12.0 through 12.11.1.
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4804 |
Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.
This issue affects Fireware OS: from 12.0 through 12.11.1.
CVSS: MEDIUM (4.8) EPSS Score: 0.06%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-32407 |
Description: Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.
CVSS: MEDIUM (5.9) EPSS Score: 0.02%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4807 |
Description: A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.18%
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4806 |
Description: A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 16th, 2025 (about 1 month ago)
|
CVE-2025-4795 |
Description: A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (4.7) EPSS Score: 0.04% SSVC Exploitation: poc
May 16th, 2025 (about 1 month ago)
|