CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	Multiple vulnerabilities in The LuxCal Web Calendar Description: The LuxCal Web Calendar provided by LuxSoft contains multiple vulnerabilities. Source: Japan Vulnerability Notes (JVN) February 17th, 2025 (5 months ago)
	Twin Google flaws allowed attacker to get from YouTube ID to Gmail address in a few easy steps Source: TheRegister February 17th, 2025 (5 months ago)
	"RoboForm Password Manager" App for Android vulnerable to authentication bypass using an alternate path or channel Description: "RoboForm Password Manager" App for Android provided by Siber Systems, Inc. is vulnerable to authentication bypass using an alternate path or channel. Source: Japan Vulnerability Notes (JVN) February 17th, 2025 (5 months ago)
	ASUSTeK COMPUTER Lyra mini vulnerable to improper authentication Description: Lyra mini provided by ASUSTeK COMPUTER INC. contains an improper authentication vulnerability. Source: Japan Vulnerability Notes (JVN) February 17th, 2025 (5 months ago)
CVE-2025-26779	WordPress Keep Backup Daily plugin <= 2.1.0 - Arbitrary File Download vulnerability Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fahad Mahmood Keep Backup Daily allows Path Traversal. This issue affects Keep Backup Daily: from n/a through 2.1.0. CVSS: MEDIUM (4.9) EPSS Score: 0.04% Source: CVE February 17th, 2025 (5 months ago)
CVE-2025-26768	WordPress what3words Address Field plugin <= 4.0.15 - CSRF to Stored XSS vulnerability Description: Cross-Site Request Forgery (CSRF) vulnerability in what3words what3words Address Field allows Stored XSS. This issue affects what3words Address Field: from n/a through 4.0.15. CVSS: HIGH (7.1) EPSS Score: 0.04% Source: CVE February 17th, 2025 (5 months ago)
CVE-2025-26767	WordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS. This issue affects Qubely – Advanced Gutenberg Blocks: from n/a through 1.8.12. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 17th, 2025 (5 months ago)
CVE-2025-26766	WordPress Leyka plugin <= 3.31.8 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VaultDweller Leyka allows Stored XSS. This issue affects Leyka: from n/a through 3.31.8. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 17th, 2025 (5 months ago)
CVE-2025-26765	WordPress Distance Based Shipping Calculator plugin <= 2.0.22 - Broken Access Control vulnerability Description: Missing Authorization vulnerability in enituretechnology Distance Based Shipping Calculator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Distance Based Shipping Calculator: from n/a through 2.0.22. CVSS: MEDIUM (5.4) EPSS Score: 0.04% Source: CVE February 17th, 2025 (5 months ago)
CVE-2025-26761	WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Easy Elementor Addons allows DOM-Based XSS. This issue affects Easy Elementor Addons: from n/a through 2.1.5. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 17th, 2025 (5 months ago)