CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-26136

Description: A SQL injection vulnerability exists in mysiteforme versions prior to 2025.01.1.

EPSS Score: 0.04%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-25426

Description: yshopmall <=v1.9.0 is vulnerable to SQL Injection in the image listing interface.

EPSS Score: 0.04%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2025-1956

Description: A vulnerability classified as critical has been found in code-projects Shopping Portal 1.0. This affects an unknown part of the file /Shopping/Admin/index.php of the component Login. The manipulation of the argument password leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. A vulnerability was discovered in code-projects Shopping Portal 1.0. It has been classified as critical. It concerns an unspecified function of the file /Shopping/Admin/index.php of the component Login. By manipulating the argument password with unknown data, a SQL injection vulnerability can be exploited. The attack can take place over the network. The exploit is publicly available.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-55563

Description: Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions.

CVSS: MEDIUM (5.3)

EPSS Score: 0.09%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-2931

Description: The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve a list of the email addresses of all users registered on the site.

CVSS: MEDIUM (4.3)

EPSS Score: 0.24%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

CVE-2024-24581

Description: OpenHarmony v4.0.0 and prior versions allow a local attacker to achieve arbitrary code execution through an out-of-bounds write.

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
March 4th, 2025 (4 months ago)

Source: Dark Reading
March 4th, 2025 (4 months ago)

Description: The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.

Source: Dark Reading
March 4th, 2025 (4 months ago)

Description: ZeroSevenGroup is Claiming to Sell Admin Access to an Unidentified Holding Company in the UAE

Source: DarkWebInformer
March 4th, 2025 (4 months ago)