CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-45240

Description: foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-43915

Description: In Buoyant Edge releases before edge-25.2.1 and Enterprise for Linkerd releases 2.16.* before 2.16.5, 2.17.* before 2.17.2, and 2.18.* before 2.18.0, resource exhaustion can occur for Linkerd proxy metrics.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-4281

Description: A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-26241

Description: A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-1992

Description: IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user, under non-default configurations, to cause a denial of service due to insufficient release of allocated memory after usage.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2024-57235

Description: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.

CVSS: MEDIUM (6.5)

EPSS Score: 1.43%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2024-57234

Description: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.

CVSS: MEDIUM (6.5)

EPSS Score: 1.43%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2024-57233

Description: NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

CVSS: MEDIUM (6.5)

EPSS Score: 1.43%

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2024-11615

Description: The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.

CVSS: MEDIUM (5.3)

EPSS Score: 0.29%

SSVC Exploitation: none

Source: CVE
May 5th, 2025 (about 2 months ago)

CVE-2025-45320

Description: A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
May 5th, 2025 (about 2 months ago)