CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-5539 |
Description: The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20996 |
Description: Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.
CVSS: MEDIUM (5.0) EPSS Score: 0.01%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20995 |
Description: Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
CVSS: MEDIUM (4.9) EPSS Score: 0.02%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20994 |
Description: Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
CVSS: MEDIUM (4.5) EPSS Score: 0.01%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20993 |
Description: Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
CVSS: MEDIUM (4.0) EPSS Score: 0.02%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20992 |
Description: Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
CVSS: MEDIUM (4.0) EPSS Score: 0.02%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20991 |
Description: Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
CVSS: MEDIUM (4.0) EPSS Score: 0.02%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20989 |
Description: Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
CVSS: MEDIUM (5.2) EPSS Score: 0.02%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20988 |
Description: Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
CVSS: MEDIUM (5.5) EPSS Score: 0.01%
June 4th, 2025 (10 days ago)
|
|
CVE-2025-20987 |
Description: Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token.
CVSS: MEDIUM (5.2) EPSS Score: 0.02%
June 4th, 2025 (10 days ago)
|