CVE-2025-0510 |
Description: Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
EPSS Score: 0.05%
February 5th, 2025 (5 months ago)
|
CVE-2025-0509 |
Description: A security issue was found in Sparkle before version 2.64. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signing checks.
CVSS: HIGH (7.3) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0466 |
Description: The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0451 |
Description: Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0445 |
Description: Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0444 |
Description: Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0413 |
Description: Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
The specific flaw exists within the Technical Data Reporter component. By creating a symbolic link, an attacker can abuse the service to change the permissions of arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-25014.
CVSS: HIGH (7.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0368 |
Description: The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high privilege users such as admin or unauthenticated users.
EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2025-0364 |
Description: BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|
CVE-2024-9644 |
Description: The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated attacker can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
February 5th, 2025 (5 months ago)
|