CVE-2025-23094 |
Description: The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2025-23093 |
Description: The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2025-22992 |
Description: A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project >= 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2025-22936 |
Description: An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the weak default WiFi password generation algorithm in WiFi routers.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2025-22867 |
Description: On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.
EPSS Score: 0.05%
February 7th, 2025 (5 months ago)
|
CVE-2025-22866 |
Description: Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
EPSS Score: 0.05%
February 7th, 2025 (5 months ago)
|
CVE-2025-0522 |
Description: The LikeBot WordPress plugin through 0.85 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57673 |
Description: An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|