Threat and Vulnerability Intelligence Database

CVE-2025-31947

Description: Mattermost versions 10.6.x <= 10.6.1, 10.5.x <= 10.5.2, 10.4.x <= 10.4.4, 9.11.x <= 9.11.11 fail to lock out LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.

CVSS: MEDIUM (5.8)

EPSS Score: 0.05%

Source: CVE
May 15th, 2025 (about 1 month ago)

🚨 Marked as known exploited on May 15th, 2025 (about 1 month ago).
Description: Google has issued a security update for Chrome's Stable channel, addressing a high-severity vulnerability in Chrome's Loader component that has been actively exploited in the wild. The flaw, tracked under CVE-2025-4664, was publicly disclosed by security researcher '@slonser_' on May 5, 2025, through a series of technical posts on X. The exploit technique, which was …

CVSS: MEDIUM (4.3)

EPSS Score: 0.06%

Source: CyberInsider
May 15th, 2025 (about 1 month ago)

CVE-2025-32738

Description: Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change the product settings.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-4737

Description: Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage.

CVSS: MEDIUM (6.2)

EPSS Score: 0.0%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-3742

Description: The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-27524

Description: Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.

CVSS: MEDIUM (5.3)

EPSS Score: 0.01%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2024-10969

Description: A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login_process.php of the component Login. The manipulation of the argument unm/pwd leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. A critical vulnerability was identified in 1000 Projects Bookstore Management System 1.0. Affected is an unknown process of the file /admin/login_process.php of the component Login. Manipulating the argument unm/pwd with unknown data can be used to exploit an SQL injection vulnerability. The attack can be carried out over the network. The exploit is publicly available.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (about 1 month ago)

Description: Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google

CVSS: MEDIUM (4.3)

EPSS Score: 0.06%

Source: TheHackerNews
May 15th, 2025 (about 1 month ago)

CVE-2025-48027

Description: The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.

CVSS: MEDIUM (5.4)

EPSS Score: 0.06%

Source: CVE
May 15th, 2025 (about 1 month ago)

CVE-2025-48024

Description: In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint.

CVSS: MEDIUM (5.0)

EPSS Score: 0.03%

Source: CVE
May 15th, 2025 (about 1 month ago)