CVE-2025-23246 |
Description: NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-23245 |
Description: NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-2168 |
Description: The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation on the dismiss() function. This makes it possible for unauthenticated attackers to set arbitrary user meta values to `1`, which can be leveraged to lock an administrator out of their site via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.01% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2025-1529 |
Description: The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-6558 |
Description: HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to an XSS attack caused by the lack of input sanitization checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by the host browser the next time the page is loaded, enabling social engineering attacks.
CVSS: MEDIUM (6.3) EPSS Score: 0.1% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-52979 |
Description: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
CVSS: MEDIUM (6.5) EPSS Score: 0.04% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-52976 |
Description: Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. An attacker requires local access and the ability to modify osqueryd configurations.
CVSS: MEDIUM (4.4) EPSS Score: 0.02% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-39876 |
Description: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.
CVSS: MEDIUM (4.0) EPSS Score: 0.11% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-39875 |
Description: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.
CVSS: MEDIUM (4.3) EPSS Score: 0.09% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|
CVE-2024-39871 |
Description: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacker does not belong to.
CVSS: MEDIUM (6.3) EPSS Score: 0.09% SSVC Exploitation: none
May 1st, 2025 (about 2 months ago)
|