CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-23072	XSS in Special:RefreshSpecial Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2025-22984	An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive... Description: An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2025-22983	An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive... Description: An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-7344	Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. Description: Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-57767	MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. Description: MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-57766	MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. Description: MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-57765	MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. Description: MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-57764	MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. Description: MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-57763	MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. Description: MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)
CVE-2024-57762	MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. Description: MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. EPSS Score: 0.04% Source: CVE January 15th, 2025 (6 months ago)