CVE-2025-1003 |
Description: A potential vulnerability has been identified in HP Anyware Agent for Linux which might allow for authentication bypass which may result in escalation of privilege. HP is releasing a software update to mitigate this potential vulnerability.
CVSS: HIGH (8.5) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0960 |
Description: AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0890 |
Description: **UNSUPPORTED WHEN ASSIGNED**
Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in to the management interface if the administrators have the option to change the default credentials but fail to do so.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
February 5th, 2025 (5 months ago)
|
CVE-2025-0825 |
Description: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters ("\r\n") when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more.
CVSS: MEDIUM (6.9) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0630 |
Description: Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.
CVSS: MEDIUM (6.0) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0510 |
Description: Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
CVE-2025-0509 |
Description: A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
CVSS: HIGH (7.3) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0466 |
Description: The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0451 |
Description: Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0445 |
Description: Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|