CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-46436 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Sebastian Echeverry SCSS-Library allows Cross Site Request Forgery. This issue affects SCSS-Library: from n/a through 0.4.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46435 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani Time Based Greeting allows Stored XSS. This issue affects Time Based Greeting: from n/a through 2.2.2.
CVSS: HIGH (7.1) EPSS Score: 0.02%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46264 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46261 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.
CVSS: MEDIUM (5.9) EPSS Score: 0.03%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46260 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wowDevs Sky Addons for Elementor allows Stored XSS. This issue affects Sky Addons for Elementor: from n/a through 3.0.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46248 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in M A Vinoth Kumar Frontend Dashboard allows SQL Injection. This issue affects Frontend Dashboard: from n/a through 2.2.5.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46234 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Razib Control Listings allows Reflected XSS. This issue affects Control Listings: from n/a through 1.0.4.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-46230 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GhozyLab Popup Builder allows PHP Local File Inclusion. This issue affects Popup Builder: from n/a through 1.1.35.
CVSS: HIGH (7.5) EPSS Score: 0.13%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-39408 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress BruteGuard – Brute Force Login Protection allows Reflected XSS. This issue affects BruteGuard – Brute Force Login Protection: from n/a through 0.1.4.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 24th, 2025 (about 2 months ago)
|
|
CVE-2025-39404 |
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Heateor Support Sassy Social Share allows Phishing. This issue affects Sassy Social Share: from n/a through 3.3.73.
CVSS: MEDIUM (4.7) EPSS Score: 0.03%
April 24th, 2025 (about 2 months ago)
|