CyberAlerts

CVE-2025-2947

Description: IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system.

CVSS: HIGH (7.2)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created...

Description: An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.

EPSS Score: 0.05%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-26268

DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The...

Description: DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked.

CVSS: LOW (3.3)

EPSS Score: 0.01%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-25455

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.

Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2.

EPSS Score: 0.02%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2025-25454

Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2.

EPSS Score: 0.02%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2024-55211

An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.

Description: An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie.

EPSS Score: 0.02%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2024-53924

Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with...

Description: Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring.

EPSS Score: 0.02%

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2024-0355

PHPGurukul Dairy Farm Shop Management System add-category.php sql injection

Description: A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. Es wurde eine Schwachstelle in PHPGurukul Dairy Farm Shop Management System bis 1.1 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei add-category.php. Durch Manipulation des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.5)

EPSS Score: 0.09%

SSVC Exploitation: poc

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2024-0349

SourceCodester Engineers Online Portal missing secure attribute

Description: A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability. In SourceCodester Engineers Online Portal 1.0 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch Beeinflussen mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.

CVSS: LOW (3.7)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE

April 17th, 2025 (2 days ago)

CVE-2024-0345

CodeAstro Vehicle Booking System User Registration usr-register.php cross site scripting

Description: A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input alert(document.cookie) leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability. Es wurde eine problematische Schwachstelle in CodeAstro Vehicle Booking System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei usr/usr-register.php der Komponente User Registration. Mittels Manipulieren des Arguments Full_Name/Last_Name/Address mit der Eingabe alert(document.cookie) mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (4.3)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE

April 17th, 2025 (2 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-2947	IBM i privilege escalation Description: IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the host operating system. CVSS: HIGH (7.2) EPSS Score: 0.04% SSVC Exploitation: none Source: CVE April 17th, 2025 (2 days ago)
CVE-2025-28101	An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created... Description: An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request. EPSS Score: 0.05% Source: CVE April 17th, 2025 (2 days ago)
CVE-2025-26268	DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The... Description: DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. CVSS: LOW (3.3) EPSS Score: 0.01% Source: CVE April 17th, 2025 (2 days ago)
CVE-2025-25455	Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanMTU2. EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 days ago)
CVE-2025-25454	Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. Description: Tenda AC10 V4.0si_V16.03.10.20 is vulnerable to Buffer Overflow in AdvSetMacMtuWan via wanSpeed2. EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 days ago)
CVE-2024-55211	An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. Description: An issue in Think Router Tk-Rt-Wr135G V3.0.2-X000 allows attackers to bypass authentication via a crafted cookie. EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 days ago)
CVE-2024-53924	Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with... Description: Pycel through 1.0b30, when operating on an untrusted spreadsheet, allows code execution via a crafted formula in a cell, such as one beginning with the =IF(A1=200, eval("__import__('os').system( substring. EPSS Score: 0.02% Source: CVE April 17th, 2025 (2 days ago)
CVE-2024-0355	PHPGurukul Dairy Farm Shop Management System add-category.php sql injection Description: A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. Es wurde eine Schwachstelle in PHPGurukul Dairy Farm Shop Management System bis 1.1 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei add-category.php. Durch Manipulation des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.5) EPSS Score: 0.09% SSVC Exploitation: poc Source: CVE April 17th, 2025 (2 days ago)
CVE-2024-0349	SourceCodester Engineers Online Portal missing secure attribute Description: A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability. In SourceCodester Engineers Online Portal 1.0 wurde eine problematische Schwachstelle ausgemacht. Betroffen ist eine unbekannte Verarbeitung. Durch Beeinflussen mit unbekannten Daten kann eine sensitive cookie without secure attribute-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. CVSS: LOW (3.7) EPSS Score: 0.03% SSVC Exploitation: poc Source: CVE April 17th, 2025 (2 days ago)
CVE-2024-0345	CodeAstro Vehicle Booking System User Registration usr-register.php cross site scripting Description: A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input alert(document.cookie) leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability. Es wurde eine problematische Schwachstelle in CodeAstro Vehicle Booking System 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei usr/usr-register.php der Komponente User Registration. Mittels Manipulieren des Arguments Full_Name/Last_Name/Address mit der Eingabe alert(document.cookie) mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (4.3) EPSS Score: 0.08% SSVC Exploitation: poc Source: CVE April 17th, 2025 (2 days ago)