CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-47578

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS. This issue affects BNS Twitter Follow Button: from n/a through 0.3.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46750

Description: SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set.

CVSS: MEDIUM (4.4)

EPSS Score: 0.02%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46749

Description: An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46747

Description: An authenticated user without user-management permissions could identify other user accounts.

CVSS: MEDIUM (5.7)

EPSS Score: 0.03%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46746

Description: An administrator could discover another account's credentials.

CVSS: MEDIUM (5.8)

EPSS Score: 0.03%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46745

Description: An authenticated user without user-management permissions could view other users' account information.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46743

Description: An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.

CVSS: MEDIUM (6.3)

EPSS Score: 0.02%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46742

Description: Users who were required to change their password could still access system information before changing their password.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46741

Description: A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.

CVSS: MEDIUM (5.7)

EPSS Score: 0.01%

Source: CVE
May 12th, 2025 (about 1 month ago)

CVE-2025-46738

Description: An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.

CVSS: MEDIUM (6.6)

EPSS Score: 0.06%

Source: CVE
May 12th, 2025 (about 1 month ago)