CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-23561 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MLL Audio Player MP3 Ajax allows Stored XSS. This issue affects MLL Audio Player MP3 Ajax: from n/a through 0.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-23527 |
Description: Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-23491 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vikashsrivastava1111989 VSTEMPLATE Creator allows Reflected XSS. This issue affects VSTEMPLATE Creator: from n/a through 2.0.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-23210 |
Description: phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javascript protocol and special characters. This issue has been addressed in versions 3.9.0, 2.3.7, 2.1.8, and 1.29.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: MEDIUM (4.8) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22978 |
Description: eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22918 |
Description: Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user information.
EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22775 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in idIA Tech Catalog Importer, Scraper & Crawler allows Reflected XSS. This issue affects Catalog Importer, Scraper & Crawler: from n/a through 5.1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22704 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22703 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in manuelvicedo Forge – Front-End Page Builder allows Stored XSS. This issue affects Forge – Front-End Page Builder: from n/a through 1.4.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|
|
CVE-2025-22701 |
Description: Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
February 4th, 2025 (5 months ago)
|