CyberAlerts

CVE-2025-31201

Apple Multiple Products Arbitrary Read and Write Vulnerability

Description: Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

CVSS: MEDIUM (6.8)

EPSS Score: 0.5%

Source: CISA KEV

April 17th, 2025 (1 day ago)

CVE-2025-24054

Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability

Description: Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.

CVSS: MEDIUM (6.5)

Source: CISA KEV

April 17th, 2025 (1 day ago)

CVE-2025-43014

In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

Description: In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation

CVSS: MEDIUM (6.1)

EPSS Score: 0.0%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-43013

In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

Description: In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible

CVSS: MEDIUM (6.9)

EPSS Score: 0.0%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-42921

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

Description: In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

CVSS: MEDIUM (4.2)

EPSS Score: 0.0%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39580

WordPress Dashi <= 3.1.8 - Broken Access Control Vulnerability

Description: Missing Authorization vulnerability in jidaikobo Dashi allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dashi: from n/a through 3.1.8.

CVSS: MEDIUM (5.8)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39562

WordPress Payment Form for PayPal Pro <= 1.1.72 - Cross Site Scripting (XSS) Vulnerability

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro allows Stored XSS. This issue affects Payment Form for PayPal Pro: from n/a through 1.1.72.

CVSS: MEDIUM (5.9)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39559

WordPress Bring Fraktguiden for WooCommerce plugin <= 1.11.4 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Eivin Landa Bring Fraktguiden for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bring Fraktguiden for WooCommerce: from n/a through 1.11.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39554

WordPress AI Text to Speech plugin <= 3.0.3 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in Elliot Sowersby / RelyWP AI Text to Speech allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Text to Speech: from n/a through 3.0.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE

April 17th, 2025 (1 day ago)

CVE-2025-39457

WordPress Booking and Rental Manager plugin <= 2.2.8 - Broken Access Control vulnerability

Description: Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booking and Rental Manager: from n/a through 2.2.8.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE

April 17th, 2025 (1 day ago)

Threat and Vulnerability Intelligence Database

Example Searches: