Threat and Vulnerability Intelligence Database

CVE-2025-2068

Description: An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted URL is visited by a local user.

CVSS: MEDIUM (5.1)

EPSS Score: 0.01%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2024-56156

Description: Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.

CVSS: MEDIUM (5.5)

EPSS Score: 0.28%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-46599

Description: CNCF K3s 1.32 before 1.32.4-rc1+k3s1 has a Kubernetes kubelet configuration change with the unintended consequence that, in some situations, ReadOnlyPort is set to 10255. For example, the default behavior of a K3s online installation might allow unauthenticated access to this port, exposing credentials.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-46599
https://github.com/f1veT/BUG/issues/2
https://github.com/k3s-io/k3s/issues/12164
https://github.com/k3s-io/k3s/commit/097b63e588e3c844cdf9b967bcd0a69f4fc0aa0a
https://cloud.google.com/kubernetes-engine/docs/how-to/disable-kubelet-readonly-port
https://github.com/k3s-io/k3s/compare/v1.32.3+k3s1...v1.32.4-rc1+k3s1
https://github.com/advisories/GHSA-864f-7xjm-2jp2

CVSS: MEDIUM (6.8)

EPSS Score: 0.04%

Source: Github Advisory Database (Go)
April 25th, 2025 (2 months ago)

CVE-2025-46433

Description: In JetBrains TeamCity before 2025.03.1, improper path validation in the loggingPreset parameter was possible.

CVSS: MEDIUM (4.9)

EPSS Score: 0.0%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-46432

Description: In JetBrains TeamCity before 2025.03.1, base64-encoded credentials could be exposed in build logs.

CVSS: MEDIUM (4.3)

EPSS Score: 0.0%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-43016

Description: In JetBrains Rider before 2025.1.2, a custom archive unpacker allowed arbitrary file overwrite during a remote debug session.

CVSS: MEDIUM (5.4)

EPSS Score: 0.0%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-28354

Description: An issue in the Printer Manager System of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request.

CVSS: MEDIUM (6.5)

EPSS Score: 0.07%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-3912

Description: The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_config' function in all versions up to, and including, 1.10.35. This makes it possible for unauthenticated attackers to read the value of the plugin's settings, including API keys for integrated services.

CVSS: MEDIUM (5.3)

EPSS Score: 0.06%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-2986

Description: IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVSS: MEDIUM (5.5)

EPSS Score: 0.03%

Source: CVE
April 25th, 2025 (2 months ago)

CVE-2025-46535

Description: Missing Authorization vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Login and Registration: from n/a through 1.0.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
April 25th, 2025 (2 months ago)