CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26778 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gallery allows Stored XSS. This issue affects Gallery: from n/a through 2.2.1.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26775 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. This issue affects BEAR: from n/a through 1.1.4.4.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26773 |
Description: Missing Authorization vulnerability in Adnan Analytify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Analytify: from n/a through 5.5.0.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26772 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detheme DethemeKit For Elementor allows Stored XSS. This issue affects DethemeKit For Elementor: from n/a through 2.1.8.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26771 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 1.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26770 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Waymark allows Stored XSS. This issue affects Waymark: from n/a through 1.5.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26769 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webilia Inc. Vertex Addons for Elementor allows Stored XSS. This issue affects Vertex Addons for Elementor: from n/a through 1.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26758 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
February 18th, 2025 (4 months ago)
|
|
CVE-2025-26754 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block allows Stored XSS. This issue affects Timeline Block: from n/a through 1.1.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 18th, 2025 (4 months ago)
|
|
CVE-2024-13879 |
Description: The Stream plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.2 due to insufficient validation on the webhook feature. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
February 18th, 2025 (4 months ago)
|