CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-46053 |
Description: A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php
CVSS: MEDIUM (5.1) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-44185 |
Description: SourceCodester Best Employee Management System V1.0 is vulnerable to Cross Site Request Forgery (CSRF) in /admin/change_pass.php via the password parameter.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
|
Description: Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend -
CVSS: MEDIUM (5.3) EPSS Score: 82.26%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-4516 |
Description: There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
CVSS: MEDIUM (5.9) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-44183 |
Description: Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-44181 |
Description: Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-4697 |
Description: A vulnerability was found in PHPGurukul Directory Management System 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/edit-directory.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in PHPGurukul Directory Management System 2.0 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /admin/edit-directory.php. Mittels Manipulieren des Arguments editid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-4696 |
Description: A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Cyber Cafe Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei /search.php. Mittels dem Manipulieren des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.3) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-4695 |
Description: A vulnerability was found in PHPGurukul Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine kritische Schwachstelle in PHPGurukul Cyber Cafe Management System 1.0 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /add-users.php. Durch Manipulation des Arguments uadd mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
May 15th, 2025 (about 1 month ago)
|
|
CVE-2025-3446 |
Description: Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
May 15th, 2025 (about 1 month ago)
|