Threat and Vulnerability Intelligence Database

CVE-2025-3916

Description: A CWE-121: Stack-based Buffer Overflow vulnerability exists that could allow local attackers to potentially execute arbitrary code when the end user opens a malicious project file (SSD file) provided by the attacker.

CVSS: MEDIUM (4.6)

EPSS Score: 0.02%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-27696

Description: Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.

CVSS: MEDIUM (5.3)

EPSS Score: 0.01%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-4339

Description: The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-3107

Description: The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 13th, 2025 (about 1 month ago)

CVE-2025-31257

Description: This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVSS: MEDIUM (4.7)

EPSS Score: 0.04%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-31256

Description: The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-31251

Description: The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-31250

Description: An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-31245

Description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-31242

Description: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)