
Threat and Vulnerability Intelligence Database


CVE-2025-3218

Description: IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to authentication and authorization attacks due to incorrect validation processing in IBM i Netserver. A malicious actor could use the weaknesses, in conjunction with brute force authentication attacks or to bypass authority restrictions, to access the server.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-29602

Description: FlatPress 1.3.1 is vulnerable to Cross-Site Scripting (XSS) in the Administration area via Manage categories.

CVSS: MEDIUM (6.1)

EPSS Score: 0.03%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-39361

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a through 1.7.1017.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-27533

Description: Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands, the size value of buffers was not properly validated, which could lead to excessive memory allocation and be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on the availability of the ActiveMQ broker when not using mutual TLS connections. This issue affects Apache ActiveMQ: from 6.0.0 before 6.1.6, from 5.18.0 before 5.18.7, from 5.17.0 before 5.17.7, before 5.16.8. ActiveMQ 5.19.0 is not affected. Users are recommended to upgrade to version 6.1.6+, 5.19.0+, 5.18.7+, 5.17.7, or 5.16.8, which fixes the issue. Existing users may implement mutual TLS to mitigate the risk on affected brokers.

CVSS: MEDIUM (6.9)

EPSS Score: 0.37%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20980

Description: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.

CVSS: MEDIUM (4.0)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20978

Description: Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege.

CVSS: MEDIUM (6.2)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20976

Description: Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20975

Description: Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege.

CVSS: MEDIUM (5.5)

EPSS Score: 0.01%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20974

Description: Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attackers to bypass user interaction for requested installation.

CVSS: MEDIUM (6.1)

EPSS Score: 0.01%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20973

Description: Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.

CVSS: MEDIUM (5.4)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 2 months ago)