CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-27264 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Doctor Appointment Booking allows PHP Local File Inclusion. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.
CVSS: HIGH (7.5) EPSS Score: 0.12%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-27263 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Doctor Appointment Booking allows SQL Injection. This issue affects Doctor Appointment Booking: from n/a through 1.0.0.
CVSS: HIGH (8.5) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26999 |
Description: Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid allows Object Injection. This issue affects ProfileGrid : from n/a through 5.9.4.3.
CVSS: HIGH (8.8) EPSS Score: 0.06%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26994 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through 7.4.2.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26989 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Form Builder Lite allows Stored XSS. This issue affects Zigaform – Form Builder Lite: from n/a through 7.4.2.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26988 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows SQL Injection. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26984 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozy Vision SMS Alert Order Notifications – WooCommerce allows Reflected XSS. This issue affects SMS Alert Order Notifications – WooCommerce: from n/a through 3.7.8.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26970 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Ark Theme Core allows Code Injection. This issue affects Ark Theme Core: from n/a through 1.70.0.
CVSS: CRITICAL (10.0) EPSS Score: 0.07%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26967 |
Description: Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory allows Object Injection. This issue affects Events Calendar for GeoDirectory: from n/a through 2.3.14.
CVSS: HIGH (8.8) EPSS Score: 0.06%
March 3rd, 2025 (4 months ago)
|
|
CVE-2025-26918 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Reflected XSS. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 3rd, 2025 (4 months ago)
|