CVE-2024-5916 |
Description: An information exposure vulnerability in Palo Alto Networks PAN-OS software enables a local system administrator to unintentionally disclose secrets, passwords, and tokens of external systems. A read-only administrator who has access to the config log can read secrets, passwords, and tokens to external systems.
CVSS: MEDIUM (6.0) EPSS Score: 0.05% SSVC Exploitation: none
April 30th, 2025 (about 2 months ago)
|
CVE-2024-2777 |
Description: A vulnerability has been found in Campcodes/PHPGurukul Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.05% SSVC Exploitation: poc
April 30th, 2025 (about 2 months ago)
|
CVE-2025-4135 |
Description: A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 1.33%
April 30th, 2025 (about 2 months ago)
|
CVE-2025-39413 |
Description: Missing Authorization vulnerability in David Gwyer Simple Sitemap – Create a Responsive HTML Sitemap. This issue affects Simple Sitemap – Create a Responsive HTML Sitemap: from n/a through 3.5.14.
CVSS: MEDIUM (4.3) EPSS Score: 0.03% SSVC Exploitation: none
April 30th, 2025 (about 2 months ago)
|
CVE-2025-24091 |
Description: An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
April 30th, 2025 (about 2 months ago)
|
![]() |
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
April 30th, 2025 (about 2 months ago)
|
![]() |
CVSS: MEDIUM (6.0) EPSS Score: 0.05%
April 30th, 2025 (about 2 months ago)
|
CVE-2025-3599 |
Description: Symantec Endpoint Protection Windows Agent, running an ERASER Engine prior to 119.1.7.8, may be susceptible to an Elevation of Privilege vulnerability, which may allow an attacker to delete resources that are normally protected from an application or user.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
April 30th, 2025 (about 2 months ago)
|
CVE-2025-4122 |
Description: A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: MEDIUM (5.3) EPSS Score: 0.32%
April 30th, 2025 (about 2 months ago)
|
CVE-2025-32970 |
Description: XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0.
CVSS: MEDIUM (6.1) EPSS Score: 0.07%
April 30th, 2025 (about 2 months ago)
|