CVE-2025-47712 |
Description: A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in nbdkit, leading to a denial of service.
EPSS Score: 0.04%
June 9th, 2025 (3 days ago)
|
CVE-2025-47711 |
Nbdkit: nbdkit-server: off-by-one error when processing block status may lead to a denial of service
Description: There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
EPSS Score: 0.04%
June 9th, 2025 (3 days ago)
|
CVE-2025-4652 |
Description: The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.
CVSS: MEDIUM (6.1) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-3582 |
Description: The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-3581 |
Description: The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
CVE-2025-5861 |
Description: A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.8) EPSS Score: 0.09%
June 9th, 2025 (3 days ago)
|
CVE-2025-5860 |
Description: A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|
Description: Laravel Pulse 1.3.1 - Arbitrary Code Injection
June 9th, 2025 (3 days ago)
|
Description: Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
June 9th, 2025 (3 days ago)
|
CVE-2025-5859 |
Description: A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-details.php. The manipulation of the argument assignto leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
June 9th, 2025 (3 days ago)
|