Threat and Vulnerability Intelligence Database

CVE-2025-3707

Description: The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read database contents.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2025-3670

Description: The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2025-29825

Description: User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVSS: MEDIUM (6.5)

EPSS Score: 0.07%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2025-2880

Description: The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2024-55913

Description: IBM Concert Software 1.0.0 through 1.0.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2024-55912

Description: IBM Concert Software 1.0.0 through 1.0.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS: MEDIUM (5.9)

EPSS Score: 0.02%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2024-55910

Description: IBM Concert Software 1.0.0 through 1.0.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2024-55909

Description: IBM Concert Software 1.0.0 through 1.0.5 could allow an authenticated user to cause a denial of service due to the expansion of archive files without controlling resource consumption.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2025-4185

Description: A vulnerability, which was classified as critical, has been found in Wangshen SecGate 3600 2024. This issue affects some unknown processing of the file ?g=obj_area_export_save. The manipulation of the argument file_name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: CVE
May 2nd, 2025 (about 2 months ago)

CVE-2025-4181

Description: A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

Source: CVE
May 1st, 2025 (about 2 months ago)