CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-49254 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.8.
CVSS: HIGH (8.1) EPSS Score: 0.15%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-49253 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1.
CVSS: HIGH (8.1) EPSS Score: 0.15%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-49252 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through 2.3.8.
CVSS: HIGH (8.1) EPSS Score: 0.15%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-49251 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through 1.1.28.
CVSS: HIGH (8.1) EPSS Score: 0.15%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-49234 |
Description: Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Dummy Content Generator: from n/a through 3.4.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-49180 |
Description: A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
EPSS Score: 0.01% SSVC Exploitation: none
June 17th, 2025 (7 days ago)
|
|
CVE-2025-49071 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a.
CVSS: CRITICAL (10.0) EPSS Score: 0.06%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-48333 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected XSS. This issue affects eForm - WordPress Form Builder: from n/a through n/a.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-48274 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
June 17th, 2025 (7 days ago)
|
|
CVE-2025-48145 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao allows Reflected XSS. This issue affects Track, Analyze & Optimize by WP Tao: from n/a through 1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
June 17th, 2025 (7 days ago)
|