CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-25077

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25076

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25075

Description: Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25074

Description: Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25073

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25072

Description: Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25071

Description: Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-25069

Description: A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similiar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue.

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-24980

Description: pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented. This issue has been addressed in version 1.7.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)

CVE-2025-24366

Description: SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the default configuration and it is limited to the local filesystem, it does not work with cloud/remote storage backends. Due to missing sanitization of the client provided `rsync` command, an authenticated remote user can use some options of the rsync command to read or write files with the permissions of the SFTPGo server process. This issue was fixed in version v2.6.5 by checking the client provided arguments. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 8th, 2025 (5 months ago)