CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-31630

Description: Missing Authorization vulnerability in themeton The Business allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Business: from n/a through 1.6.1.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2025-31071

Description: Missing Authorization vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2025-31068

Description: Cross-Site Request Forgery (CSRF) vulnerability in themeton Seven Stars allows Cross Site Request Forgery. This issue affects Seven Stars: from n/a through 1.4.4.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2025-31066

Description: Missing Authorization vulnerability in themeton Acerola allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acerola: from n/a through 1.6.5.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2025-31065

Description: Missing Authorization vulnerability in themeton Rozario allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rozario: from n/a through 1.4.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2025-31063

Description: Missing Authorization vulnerability in redqteam Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist: from n/a through 2.1.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2025-31062

Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in redqteam Wishlist allows Retrieve Embedded Sensitive Data. This issue affects Wishlist: from n/a through 2.1.0.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2024-0291

Description: A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Totolink LR1200GB 9.1.0u.6619_B20230130 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion UploadFirmwareFile der Datei /cgi-bin/cstecgi.cgi. Durch die Manipulation des Arguments FileName mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 2.02%

SSVC Exploitation: poc

Source: CVE
May 16th, 2025 (about 2 months ago)

CVE-2024-0272

Description: A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827. Eine kritische Schwachstelle wurde in Kashipara Food Management System bis 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei addmaterialsubmit.php. Mittels Manipulieren des Arguments material_name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE
May 16th, 2025 (about 2 months ago)
🚨 Marked as known exploited on May 16th, 2025 (about 2 months ago).
Description: Two critical Ivanti zero-days (CVE-2025-4427 and CVE-2025-4428) are now being actively exploited after a surge in scanning activity last month. When chained together, these vulnerabilities enable unauthenticated remote code execution on Ivanti Endpoint Manager Mobile systems.

CVSS: MEDIUM (5.3)

EPSS Score: 82.26%

Source: GreyNoise
May 16th, 2025 (about 2 months ago)