CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-46190	SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. Description: SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter. EPSS Score: 0.04% Source: CVE May 9th, 2025 (about 2 months ago)
CVE-2025-46189	SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter. Description: SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter. EPSS Score: 0.04% Source: CVE May 9th, 2025 (about 2 months ago)
CVE-2025-4432	Ring: some aes functions may panic when overflow checking is enabled in ring Description: A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. EPSS Score: 0.13% SSVC Exploitation: none Source: CVE May 9th, 2025 (about 2 months ago)
CVE-2025-29509	Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening... Description: Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal(). EPSS Score: 0.15% Source: CVE May 9th, 2025 (about 2 months ago)
	Alleged Sale of Webmail Access to an Unidentified UK ISP Description: Alleged Sale of Webmail Access to an Unidentified UK ISP Source: DarkWebInformer May 9th, 2025 (about 2 months ago)
	Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades Description: Japanese finance regulators said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers. Source: The Record May 9th, 2025 (about 2 months ago)
	Commvault: Vulnerability Patch Works as Intended Description: The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says. Source: Dark Reading May 9th, 2025 (about 2 months ago)
	Insight Partners Data Breach: Bigger Impact Than Anticipated Description: The investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light. Source: Dark Reading May 9th, 2025 (about 2 months ago)
CVE-2025-46193	SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in... Description: SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php. EPSS Score: 0.34% Source: CVE May 9th, 2025 (about 2 months ago)
CVE-2025-45513	Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. Description: Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter. EPSS Score: 0.05% Source: CVE May 9th, 2025 (about 2 months ago)