CVE-2025-46261 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
April 24th, 2025 (2 months ago)
|
CVE-2025-46260 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 24th, 2025 (2 months ago)
|
CVE-2025-39404 |
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73.
CVSS: MEDIUM (4.7) EPSS Score: 0.03%
April 24th, 2025 (2 months ago)
|
CVE-2025-39390 |
Description: Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Booking and Rental Manager: from n/a through 2.3.8.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
April 24th, 2025 (2 months ago)
|
CVE-2025-39385 |
Description: Missing Authorization vulnerability in VW Themes Sirat allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sirat: from n/a through 1.5.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
April 24th, 2025 (2 months ago)
|
CVE-2024-30148 |
Description: Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.
CVSS: MEDIUM (4.1) EPSS Score: 0.04%
April 24th, 2025 (2 months ago)
|
CVE-2024-30147 |
Description: Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 24th, 2025 (2 months ago)
|
CVE-2024-30113 |
Description: Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVSS: MEDIUM (6.3) EPSS Score: 0.03%
April 24th, 2025 (2 months ago)
|
CVE-2025-46417 |
Description: Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-93mv-x874-956g. This link is maintained to preserve external references.
Original Description
The unsafe globals in Picklescan before 0.0.25 do not include ssl. Consequently, ssl.get_server_certificate can exfiltrate data via DNS after deserialization.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-46417
https://github.com/mmaitre314/picklescan/pull/40
https://github.com/advisories/GHSA-93mv-x874-956g
https://github.com/advisories/GHSA-4p4h-9gvq-7xfg
CVSS: MEDIUM (6.8) EPSS Score: 0.02%
April 24th, 2025 (2 months ago)
|
CVE-2025-41395 |
Description: Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.10 fail to properly validate the props used by the RetrospectivePost custom post type in the Playbooks plugin, which allows an attacker to create a specially crafted post with maliciously crafted props and cause a denial of service (DoS) of the web app for all users.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-41395
https://mattermost.com/security-updates
https://github.com/mattermost/mattermost-plugin-playbooks/commit/4c823090e281cb9c0d5c17ee2e5db275117540d1
https://github.com/mattermost/mattermost/commit/2b5275d87136f07e016c8eca09a2f004b31afc8a
https://github.com/advisories/GHSA-3g36-gf7c-75qw
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
April 24th, 2025 (2 months ago)
|