CVE-2025-24648
Description: Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.
CVSS: HIGH (7.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-24602
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP24 WP24 Domain Check allows Reflected XSS. This issue affects WP24 Domain Check: from n/a through 1.10.14.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-24599
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-24598
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.
CVSS: HIGH (7.1) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)

CVE-2025-24373
Description: woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document link and 2. Replace the URL variable `my-account` with `bulk`. The issue occurs when: 1. The store's document access is set to "guest." and 2. The user is logged out. This vulnerability compromises the confidentiality of sensitive documents, affecting all stores using the plugin with the guest access option enabled. This issue has been addressed in version 4.0.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (6.3) EPSS Score: 0.05%
February 5th, 2025 (5 months ago)

CVE-2025-23645
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Optimize Worldwide Find Content IDs allows Reflected XSS. This issue affects Find Content IDs: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-23060
Description: A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
CVSS: MEDIUM (6.6) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-23059
Description: A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.
CVSS: MEDIUM (6.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-23058
Description: A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
CVSS: HIGH (8.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)

CVE-2025-23023
Description: Discourse is an open source platform for community discussion. In affected versions an attacker can carefully craft a request with the right request headers to poison the anonymous cache (for example, the cache may have a response with missing preloaded data). This issue only affects anonymous visitors of the site. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade may disable anonymous cache by setting the `DISCOURSE_DISABLE_ANON_CACHE` environment variable to a non-empty value.
CVSS: HIGH (8.2) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)