CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-13379 |
Description: The C9 Admin Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
February 21st, 2025 (5 months ago)
|
|
CVE-2024-13235 |
Description: The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'language' parameter in all versions up to, and including, 2.9.9.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 21st, 2025 (5 months ago)
|
|
Description: Posted by Georgi Guninski on Feb 20Python's official documentation contains textbook example of insecure code (XSS)
Date: 2025-02-18
Author: Georgi Guninski
===
form = cgi.FieldStorage()
if "name" not in form or "addr" not in form:
print("Error")
print("Please fill in the name and addr fields.")
return
print("name:", form["name"].value)
print("addr:",...
February 21st, 2025 (5 months ago)
|
|
|
Description: Posted by Andrey Stoykov on Feb 20# Exploit Title: Self Stored XSS - acp2sev7.2.2
# Date: 02/2025
# Exploit Author: Andrey Stoykov
# Version: 7.2.2
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.html
Self Stored XSS #1:
Steps to Reproduce:
1. Visit "http://192.168.58.168/acp2se/mul/muladmin.php" and login with
"admin" / "adminpass"
2. In the field "Put the name of the new...
February 21st, 2025 (5 months ago)
|
|
CVE-2025-26465 |
Description: Posted by Qualys Security Advisory via Fulldisclosure on Feb 20Qualys Security Advisory
CVE-2025-26465: MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
client
CVE-2025-26466: DoS attack against OpenSSH's client and server
========================================================================
Contents
========================================================================
Summary
Background
Experiments
Results
MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client
DoS...
EPSS Score: 11.5%
February 21st, 2025 (5 months ago)
|
|
|
February 21st, 2025 (5 months ago)
|
|
CVE-2024-38657 |
Description: External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files.
CVSS: CRITICAL (9.1) EPSS Score: 0.15%
February 21st, 2025 (5 months ago)
|
|
CVE-2025-1001 |
Description: Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.
CVSS: MEDIUM (5.7) EPSS Score: 0.01%
February 21st, 2025 (5 months ago)
|
|
|
February 21st, 2025 (5 months ago)
|
|
CVE-2025-27218 |
Description: Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
EPSS Score: 4.14%
February 21st, 2025 (5 months ago)
|