CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-25953

Description: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25952

Description: An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25951

Description: An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25950

Description: Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25949

Description: A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-25948

Description: Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1843

Description: A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20250211. This issue affects the function select of the file com/xq/tmall/dao/ProductMapper.java. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in Mini-Tmall bis 20250211 entdeckt. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion select der Datei com/xq/tmall/dao/ProductMapper.java. Durch das Beeinflussen des Arguments orderBy mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1842

Description: A vulnerability classified as problematic was found in FITSTATS Technologies AthleteMonitoring up to 20250302. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In FITSTATS Technologies AthleteMonitoring bis 20250302 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /login.php. Durch Manipulieren des Arguments username mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-27579

Description: In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
March 3rd, 2025 (4 months ago)

CVE-2025-1840

Description: A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been rated as critical. Affected by this issue is some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the argument flowId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Eine kritische Schwachstelle wurde in ESAFENET CDG 5.6.3.154.205 ausgemacht. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /CDGServer3/workflowE/useractivate/updateorg.jsp. Mittels Manipulieren des Arguments flowId mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
March 3rd, 2025 (4 months ago)