CVE-2024-57234 |
Description: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
CVSS: MEDIUM (6.5) EPSS Score: 1.43%
May 5th, 2025 (about 2 months ago)
|
CVE-2024-57233 |
Description: NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
CVSS: MEDIUM (6.5) EPSS Score: 1.43%
May 5th, 2025 (about 2 months ago)
|
CVE-2024-11615 |
Description: The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.
CVSS: MEDIUM (5.3) EPSS Score: 0.29% SSVC Exploitation: none
May 5th, 2025 (about 2 months ago)
|
CVE-2025-45320 |
Description: A Directory Listing Vulnerability was found in the /osms/Requester/ directory of the Kashipara Online Service Management Portal V1.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
May 5th, 2025 (about 2 months ago)
|
CVE-2025-27921 |
Description: A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization or encoding.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
May 5th, 2025 (about 2 months ago)
|
CVE-2025-25504 |
Description: An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
CVSS: MEDIUM (6.5) EPSS Score: 0.1%
May 5th, 2025 (about 2 months ago)
|
CVE-2025-4316 |
Description: Improper access control in PAM feature in Devolutions Server 2025.1.6.0 and earlier allows a PAM user to self approve their PAM requests even if disallowed by the configured policy via specific user interface actions.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
May 5th, 2025 (about 2 months ago)
|
CVE-2025-4247 |
Description: A vulnerability, which was classified as critical, was found in SourceCodester Simple To-Do List System 1.0. Affected is an unknown function of the file /delete_task.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (6.3) EPSS Score: 0.03% SSVC Exploitation: poc
May 5th, 2025 (about 2 months ago)
|
CVE-2025-47268 |
Description: ping in iputils through 20240905 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.
CVSS: MEDIUM (6.5) EPSS Score: 0.05% SSVC Exploitation: poc
May 5th, 2025 (about 2 months ago)
|
CVE-2025-45751 |
Description: SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.
CVSS: MEDIUM (6.1) EPSS Score: 0.04%
May 5th, 2025 (about 2 months ago)
|