CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-3782
Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Description: The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-4341
D-Link DIR-880L Request Header ssdpcgi sub_16570 command injection
Description: A vulnerability classified as critical was found in D-Link DIR-880L up to 104WWb01. Affected by this vulnerability is the function sub_16570 of the file /htdocs/ssdpcgi of the component Request Header Handler. The manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. In D-Link DIR-880L bis 104WWb01 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion sub_16570 der Datei /htdocs/ssdpcgi der Komponente Request Header Handler. Durch das Beeinflussen des Arguments HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-4340
D-Link DIR-890L/DIR-806A1 soap.cgi sub_175C8 command injection
Description: A vulnerability classified as critical has been found in D-Link DIR-890L and DIR-806A1 up to 100CNb11/108B03. Affected is the function sub_175C8 of the file /htdocs/soap.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. Es wurde eine kritische Schwachstelle in D-Link DIR-890L and DIR-806A1 bis 100CNb11/108B03 entdeckt. Dabei betrifft es die Funktion sub_175C8 der Datei /htdocs/soap.cgi. Durch Manipulieren mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.1%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-4333
feng_ha_ha/megagao ssm-erp/production_ssm FileServiceImpl.java uploadFile unrestricted upload
Description: A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. Es wurde eine Schwachstelle in feng_ha_ha/megagao ssm-erp and production_ssm bis 0.0.1 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion uploadFile der Datei src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. Durch das Beeinflussen des Arguments uploadFile mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2025-3020
Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting
Description: An low privileged remote Attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2024-49830
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio
Description: Memory corruption while processing an IOCTL call to set mixer controls.

CVSS: MEDIUM (6.6)

EPSS Score: 0.01%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2024-49829
Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Camera
Description: Memory corruption can occur during context user dumps due to inadequate checks on buffer length.

CVSS: MEDIUM (6.7)

EPSS Score: 0.01%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2024-45583
Use After Free in Secure Processor
Description: Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.

CVSS: MEDIUM (6.6)

EPSS Score: 0.01%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2024-45581
Out-of-bounds Write in Audio
Description: Memory corruption while sound model registration for voice activation with audio kernel driver.

CVSS: MEDIUM (6.6)

EPSS Score: 0.04%

Source: CVE
May 6th, 2025 (about 2 months ago)

CVE-2024-45570
Use of Out-of-range Pointer Offset in Camera Driver
Description: Memory corruption may occur during IO configuration processing when the IO port count is invalid.

CVSS: MEDIUM (6.6)

EPSS Score: 0.01%

Source: CVE
May 6th, 2025 (about 2 months ago)