CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-27419

Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Denial of Service (DoS) vulnerability exists in WeGIA. This vulnerability allows any unauthenticated user to cause the server to become unresponsive by performing aggressive spidering. The vulnerability is caused by recursive crawling of dynamically generated URLs and insufficient handling of large volumes of requests. This vulnerability is fixed in 3.2.16.

CVSS: CRITICAL (9.2)

EPSS Score: 0.13%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27418

Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_tipo_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the tipo parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.16.

CVSS: MEDIUM (6.4)

EPSS Score: 0.06%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27417

Description: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_status_atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the status parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.16.

CVSS: MEDIUM (6.4)

EPSS Score: 0.06%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25303

Description: The MouseTooltipTranslator Chrome extension allows mouseover translation of any language at once. The MouseTooltipTranslator browser extension is vulnerable to SSRF attacks. The pdf.mjs script uses the URL parameter from the current URL as the file to download and display to the extension user. Because pdf.mjs is imported in viewer.html and viewer.html is accessible to all URLs, an attacker can force the user’s browser to make a request to any arbitrary URL. After discussion with maintainer, patching this issue would require disabling a major feature of the extension in exchange for a low severity vulnerability. Decision to not patch issue.

CVSS: MEDIUM (6.9)

EPSS Score: 0.06%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25302

Description: Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the CORS middleware is setup incorrectly. All origins are reflected, which allows any website to send cross site requests to the rembg server and thus query any API. Even if authentication were to be enabled, allow_credentials is set to True, which would allow any website to send authenticated cross site requests.

CVSS: HIGH (8.7)

EPSS Score: 0.01%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25301

Description: Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0555

Description: A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.

CVSS: HIGH (7.7)

EPSS Score: 0.07%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0289

Description: Paragon Partition Manager version 17, both community and Business versions, contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service.

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0288

Description: Paragon Partition Manager version 7.9.1 contains an arbitrary kernel memory vulnerability facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation.

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-0287

Description: Paragon Partition Manager version 7.9.1 contains a null pointer dereference vulnerability within biontdrv.sys that is caused by a lack of a valid MasterLrp structure in the input buffer, allowing an attacker to execute arbitrary code in the kernel, facilitating privilege escalation.

EPSS Score: 0.02%

Source: CVE
March 3rd, 2025 (4 months ago)