
Threat and Vulnerability Intelligence Database


CVE-2025-25610

Description: TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_gw parameter in the formIpv6Setup interface of /bin/boa.

EPSS Score: 0.03%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-25609

Description: TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the static_ipv6 parameter in the formIpv6Setup interface of /bin/boa.

EPSS Score: 0.03%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-25431

Description: Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the ssid key of the wifi_data parameter on the /captive_portal.htm page.

EPSS Score: 0.03%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-25430

Description: Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the configname parameter on the /cbi_addcert.htm page.

EPSS Score: 0.03%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-25429

Description: Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the r_name variable inside the have_same_name function on the /addschedule.htm page.

EPSS Score: 0.03%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-25428

Description: TRENDnet TEW-929DRU 1.0.0.10 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

EPSS Score: 0.02%

Source: CVE
February 28th, 2025 (4 months ago)
Source: TheRegister
February 28th, 2025 (4 months ago)

CVE-2025-27408

Description: Manifest offers users a one-file micro back end. Prior to version 4.9.1, Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same hash, making it easier for attackers to identify and exploit patterns, thereby accelerating the cracking process. Version 4.9.1 fixes the issue.

CVSS: MEDIUM (4.8)

EPSS Score: 0.02%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-24849

Description: Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure.

CVSS: HIGH (7.1)

EPSS Score: 0.01%

Source: CVE
February 28th, 2025 (4 months ago)

CVE-2025-24318

Description: Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise.

CVSS: MEDIUM (6.8)

EPSS Score: 0.05%

Source: CVE
February 28th, 2025 (4 months ago)