CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database


CVE-2025-46575

Description: There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.

CVSS: MEDIUM (4.9)

EPSS Score: 0.04%

Source: CVE
April 27th, 2025 (2 months ago)

CVE-2025-46574

Description: There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain the system's sensitive information.

CVSS: MEDIUM (4.1)

EPSS Score: 0.09%

Source: CVE
April 27th, 2025 (2 months ago)

CVE-2025-3956

Description: A vulnerability has been found in 201206030 novel-cloud 1.4.0 and classified as critical. This vulnerability affects the function RestResp of the file novel-cloud-master/novel-book/novel-book-service/src/main/resources/mapper/BookInfoMapper.xml. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
April 27th, 2025 (2 months ago)

CVE-2025-3954

Description: A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the component Referer Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The complexity of an attack is rather high, and exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (6.3)

EPSS Score: 0.04%

Source: CVE
April 26th, 2025 (2 months ago)

CVE-2025-46655

Description: CodiMD through 2.5.4 has a CSP-based protection mechanism against XSS through uploaded SVG documents containing JavaScript, but it can be bypassed in certain cases of different-origin file storage, such as AWS S3. NOTE: it can be considered a user error if AWS is employed for hosting untrusted JavaScript content, but the selected architecture within AWS does not have components that are able to insert Content-Security-Policy headers.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE
April 26th, 2025 (2 months ago)

CVE-2025-46654

Description: CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

CVSS: MEDIUM (4.9)

EPSS Score: 0.03%

Source: CVE
April 26th, 2025 (2 months ago)

CVE-2025-46652

Description: In IZArc through 4.5, there is a Mark-of-the-Web Bypass Vulnerability. When a user performs an extraction from an archive file that bears Mark-of-the-Web, Mark-of-the-Web is not propagated to the extracted files.

CVSS: MEDIUM (6.1)

EPSS Score: 0.03%

Source: CVE
April 26th, 2025 (2 months ago)

CVE-2025-46646

Description: In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

CVSS: MEDIUM (4.5)

EPSS Score: 0.02%

Source: CVE
April 26th, 2025 (2 months ago)
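The Ghostscript entry above turns on what an "overlong" UTF-8 encoding is: a code point written with more bytes than its shortest form, so that a decoder which trusts the lead byte's declared length produces a character (here '/') that the raw bytes never contained in canonical form. As an added example, not Ghostscript's decode_utf8 and not code from this page, the Python below shows a lenient decoder that accepts such a sequence beside a strict one that rejects it; all function names and the sample byte strings are constructed for illustration.

```python
# Added example (not Ghostscript's code): what an "overlong" UTF-8 encoding is
# and why a decoder must reject it. All function names here are hypothetical.

# Smallest code point that a sequence of the given byte length may encode.
# A sequence that decodes to less than this used more bytes than necessary.
_MIN_CODE_POINT = {1: 0x0, 2: 0x80, 3: 0x800, 4: 0x10000}


def _sequences(data: bytes):
    """Yield (code_point, byte_length) for each sequence in `data`, trusting
    the lead byte's declared length and checking only continuation-byte shape."""
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            cp, n = b, 1
        elif 0xC0 <= b < 0xE0:
            cp, n = b & 0x1F, 2
        elif 0xE0 <= b < 0xF0:
            cp, n = b & 0x0F, 3
        elif 0xF0 <= b < 0xF8:
            cp, n = b & 0x07, 4
        else:
            raise ValueError(f"invalid lead byte 0x{b:02x} at offset {i}")
        if i + n > len(data):
            raise ValueError(f"truncated sequence at offset {i}")
        for j in range(1, n):
            c = data[i + j]
            if c & 0xC0 != 0x80:
                raise ValueError(f"bad continuation byte at offset {i + j}")
            cp = (cp << 6) | (c & 0x3F)
        yield cp, n
        i += n


def decode_utf8_lenient(data: bytes) -> str:
    """Flawed decoder: accepts any well-shaped sequence, so 0xC0 0xAF becomes
    '/' (U+002F) even though the canonical encoding of '/' is the single
    byte 0x2F. A filter that only looks for 0x2F is bypassed."""
    return "".join(chr(cp) for cp, _ in _sequences(data))


def decode_utf8_strict(data: bytes) -> str:
    """Corrected decoder: rejects overlong forms, UTF-16 surrogates and code
    points above U+10FFFF, as RFC 3629 requires."""
    out = []
    for cp, n in _sequences(data):
        if cp < _MIN_CODE_POINT[n]:
            raise ValueError(f"overlong {n}-byte encoding of U+{cp:04X}")
        if 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            raise ValueError(f"invalid code point U+{cp:04X}")
        out.append(chr(cp))
    return "".join(out)


def strict_rejects(data: bytes) -> bool:
    """True if the strict decoder refuses `data`."""
    try:
        decode_utf8_strict(data)
    except ValueError:
        return True
    return False


def slash_smuggled(data: bytes) -> bool:
    """True when lenient decoding produces a '/' that the raw bytes never
    contained: the separator was smuggled past a byte-level filter."""
    return b"/" not in data and "/" in decode_utf8_lenient(data)


if __name__ == "__main__":
    # Constructed inputs: canonical '/', then two overlong encodings of it.
    for sample in (b"/", b"\xc0\xaf", b"\xe0\x80\xaf"):
        print(sample.hex(), "lenient ->", repr(decode_utf8_lenient(sample)),
              "strict rejects:", strict_rejects(sample))
```

Python's built-in `bytes.decode("utf-8")` already behaves like the strict decoder and raises `UnicodeDecodeError` on `b"\xc0\xaf"`; the hand-written version only makes the minimum-code-point check visible. The practical check for any native decoder is the same: feed it the two- and three-byte overlong forms of '/' and '.' and confirm it errors rather than returning a path separator.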

CVE-2024-53636

Description: An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.0.118 allows attackers to execute arbitrary code via ../ in the filePath parameter.

CVSS: MEDIUM (6.4)

EPSS Score: 0.07%

Source: CVE
April 26th, 2025 (2 months ago)
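The Serosoft entry above describes the classic upload-path traversal: a `filePath` parameter containing `../` is joined onto the upload directory and the file lands wherever the attacker chose. As an added example, not Serosoft's writefile.php and not code from this page, the Python below contrasts the vulnerable join with a containment check; `UPLOAD_ROOT`, the function names and the sample inputs are assumptions made for this illustration.

```python
# Added example (not Serosoft's code): how a file path assembled from an
# untrusted "filePath" parameter escapes the upload directory via "../", and
# the containment check that stops it. UPLOAD_ROOT and the function names are
# assumptions for this example; posixpath is used so the result is the same
# on every platform.
import posixpath

UPLOAD_ROOT = "/srv/app/uploads"  # assumed upload directory


def naive_target(file_path: str, root: str = UPLOAD_ROOT) -> str:
    """Vulnerable pattern: join and trust. Note that join() discards `root`
    entirely when `file_path` is absolute."""
    return posixpath.normpath(posixpath.join(root, file_path))


def safe_target(file_path: str, root: str = UPLOAD_ROOT) -> str:
    """Hardened pattern: normalise the candidate path and require it to stay
    inside `root`. Rejects empty and absolute names and any '..' that climbs
    out of the root. Percent-decoding or any other decoding of the parameter
    must happen before this check, never after it."""
    if not file_path or posixpath.isabs(file_path):
        raise ValueError("file path must be relative and non-empty")
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, file_path))
    # commonpath() compares whole path components, so a sibling directory
    # such as /srv/app/uploads2 does not pass as "inside" /srv/app/uploads.
    if posixpath.commonpath([root, candidate]) != root:
        raise ValueError(f"file path escapes upload root: {file_path!r}")
    return candidate


def stays_inside(file_path: str, root: str = UPLOAD_ROOT) -> bool:
    """True if `safe_target` accepts the path."""
    try:
        safe_target(file_path, root)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a benign name, a traversal, and an absolute path.
    for p in ("2025/report.pdf", "../../../etc/passwd", "/etc/passwd"):
        print(f"{p!r:28} naive -> {naive_target(p)!r:28} "
              f"accepted: {stays_inside(p)}")
```

The check is lexical: it decides on the normalised string, which is enough against `../` but not against a symlink already present under the upload root. Where users can create links or the root is on a shared filesystem, resolve the candidate with `os.path.realpath` and repeat the `commonpath` comparison on the resolved path. An arbitrary-write primitive becomes code execution as soon as the destination is a directory the web server executes from, which is why the entry rates this as code execution rather than mere file write.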

CVE-2024-13812

Description: The Anps Theme plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.1.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: MEDIUM (6.5)

EPSS Score: 0.15%

Source: CVE
April 26th, 2025 (2 months ago)