Threat and Vulnerability Intelligence Database

CVE-2025-1577

Description: A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipulation of the argument message leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: LOW (3.5)

EPSS Score: 0.03%

Source: CVE
February 23rd, 2025 (5 months ago)

CVE-2024-11168

Description: Nessus Plugin ID 216668 with Medium Severity. Synopsis: The remote Fedora host is missing one or more security updates. Description: The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b353a46e0c advisory. Security fixes for CVE-2024-11168 and CVE-2025-0938. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. Solution: Update the affected python3.8 package. Read more at https://www.tenable.com/plugins/nessus/216668

CVSS: MEDIUM (6.3)

Source: Tenable Plugins
February 23rd, 2025 (5 months ago)

CVE-2024-13728

Description: The Accept Donations with PayPal & Stripe plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the rf parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.06%

Source: CVE
February 23rd, 2025 (5 months ago)

CVE-2025-1576

Description: A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of String leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
February 23rd, 2025 (5 months ago)

CVE-2025-1575

Description: A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

Source: CVE
February 23rd, 2025 (5 months ago)

Description: Threat actors are exploiting major Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud gamers and steal their Steam accounts and cryptocurrency. [...]

Source: BleepingComputer
February 22nd, 2025 (5 months ago)

Description: An ongoing PayPal email scam exploits the platform's address settings to send fake purchase notifications, tricking users into granting remote access to scammers [...]

Source: BleepingComputer
February 22nd, 2025 (5 months ago)

Description: A Threat Actor Claims to have Leaked Data of Minnesota's Government Services

Source: DarkWebInformer
February 22nd, 2025 (5 months ago)

CVE-2025-27012

Description: Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1.

CVSS: HIGH (8.8)

EPSS Score: 0.02%

Source: CVE
February 22nd, 2025 (5 months ago)

CVE-2025-26973

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WarfarePlugins Social Warfare allows DOM-Based XSS. This issue affects Social Warfare: from n/a through 4.5.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
February 22nd, 2025 (5 months ago)