CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-20953

Description: Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.

CVSS: MEDIUM (5.1)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20949

Description: Path traversal vulnerability in Samsung Members prior to version 5.0.00.11 allows attackers to read and write arbitrary files with the privilege of Samsung Members.

CVSS: MEDIUM (5.1)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-20937

Description: Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVSS: MEDIUM (6.7)

EPSS Score: 0.02%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-4171

Description: The WZ Followed Posts – Display what visitors are reading plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wfp' shortcode in all versions up to, and including, 3.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-32404

Description: An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.

CVSS: MEDIUM (4.8)

EPSS Score: 0.06%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-32403

Description: An Out-of-bounds Write in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.

CVSS: MEDIUM (4.8)

EPSS Score: 0.06%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-32401

Description: A Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.

CVSS: MEDIUM (4.8)

EPSS Score: 0.06%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-32399

Description: An Unchecked Input for Loop Condition in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to cause IO devices that use the library to enter an infinite loop by sending a malicious RPC packet.

CVSS: MEDIUM (5.3)

EPSS Score: 0.07%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2024-12120

Description: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget display_message_text parameter in all versions up to, and including, 1.7.1017 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
May 7th, 2025 (about 2 months ago)

CVE-2025-3766

Description: The Login Lockdown & Protection plugin for WordPress is vulnerable to unauthorized nonce access due to a missing capability check on the ajax_run_tool function in all versions up to, and including, 2.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a valid nonce that can be used to generate a global unlock key, which can in turn be used to add arbitrary IP addresses to the plugin allowlist. This can only be exploited on new installations where the site administrator hasn't visited the loginlockdown page yet.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
May 7th, 2025 (about 2 months ago)