CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26908 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegratör allows SQL Injection. This issue affects Kargo Entegratör: from n/a through 1.1.14.
CVSS: HIGH (7.6) EPSS Score: 0.04%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26906 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26903 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in RealMag777 InPost Gallery allows Cross Site Request Forgery. This issue affects InPost Gallery: from n/a through 2.1.4.3.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26880 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Skill Bar allows Stored XSS. This issue affects SKT Skill Bar: from n/a through 2.3.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26870 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound JetEngine allows DOM-Based XSS. This issue affects JetEngine: from n/a through 3.6.4.1.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26749 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26748 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0.
CVSS: HIGH (8.1) EPSS Score: 0.03%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26746 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Advanced Custom Fields: Link Picker Field allows Reflected XSS. This issue affects Advanced Custom Fields: Link Picker Field: from n/a through 1.2.8.
CVSS: HIGH (7.1) EPSS Score: 0.04%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26740 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in burgersoftware SpaBiz allows DOM-Based XSS. This issue affects SpaBiz: from n/a through 1.0.18.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
April 15th, 2025 (2 months ago)
|
|
CVE-2025-26730 |
Description: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
April 15th, 2025 (2 months ago)
|