CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-48119 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in RS WP THEMES RS WP Book Showcase allows Code Injection. This issue affects RS WP Book Showcase: from n/a through 6.7.41.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-48117 |
Description: Missing Authorization vulnerability in kilbot WooCommerce POS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce POS: from n/a through 1.7.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-48116 |
Description: Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-48115 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Javier Revilla ValidateCertify allows Cross Site Request Forgery. This issue affects ValidateCertify: from n/a through 1.6.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-48113 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Broadstreet Broadstreet allows Stored XSS. This issue affects Broadstreet: from n/a through 1.51.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-48080 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.2.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-48079 |
Description: Missing Authorization vulnerability in Metagauss ProfileGrid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ProfileGrid : from n/a through 5.9.5.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-4786 |
Description: A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in SourceCodester/oretnom23 Stock Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin/?page=return/view_return. Mittels Manipulieren des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.3) EPSS Score: 0.03%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-47564 |
Description: Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
May 16th, 2025 (about 1 month ago)
|
|
CVE-2025-47563 |
Description: Missing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 16th, 2025 (about 1 month ago)
|