CVE-2025-0132 |
Description: A missing authentication vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an unauthenticated user to disable certain internal services on the Broker VM.
The attacker must have network access to the Broker VM to exploit this issue.
CVSS: MEDIUM (6.9) EPSS Score: 0.1%
May 14th, 2025 (about 1 month ago)
|
CVE-2024-0477 |
Description: A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability.
CVSS: MEDIUM (6.3) EPSS Score: 0.05% SSVC Exploitation: poc
May 14th, 2025 (about 1 month ago)
|
CVE-2024-0416 |
Description: A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436.
CVSS: MEDIUM (5.4) EPSS Score: 0.18% SSVC Exploitation: poc
May 14th, 2025 (about 1 month ago)
|
CVE-2024-0354 |
Description: A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability.
CVSS: MEDIUM (5.3) EPSS Score: 0.17% SSVC Exploitation: poc
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47709 |
Description: Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47706 |
Description: Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47705 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS). This issue affects IFrame Remove Filter: from 0.0.0 before 2.0.5.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47703 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS). This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.14.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-47702 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS). This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 14th, 2025 (about 1 month ago)
|
CVE-2025-46786 |
Description: Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 14th, 2025 (about 1 month ago)
|