CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-28924 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ZenphotoPress allows Reflected XSS. This issue affects ZenphotoPress: from n/a through 1.8.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28921 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound SpatialMatch IDX allows Reflected XSS. This issue affects SpatialMatch IDX: from n/a through 3.0.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28917 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Smilies allows Stored XSS. This issue affects Custom Smilies: from n/a through 2.9.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28916 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.13%
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28911 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gravity2pdf Gravity 2 PDF allows Reflected XSS. This issue affects Gravity 2 PDF: from n/a through 3.1.3.
CVSS: HIGH (7.1) EPSS Score: 0.03% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28903 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Driving Directions allows Reflected XSS. This issue affects Driving Directions: from n/a through 1.4.4.
CVSS: HIGH (7.1) EPSS Score: 0.03% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28899 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Event Ticketing allows Reflected XSS. This issue affects WP Event Ticketing: from n/a through 1.3.4.
CVSS: HIGH (7.1) EPSS Score: 0.03% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28898 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound WP Multistore Locator allows SQL Injection. This issue affects WP Multistore Locator: from n/a through 2.5.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.04% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28893 |
Description: Improper Control of Generation of Code ('Code Injection') vulnerability in NotFound Visual Text Editor allows Remote Code Inclusion. This issue affects Visual Text Editor: from n/a through 1.2.1.
CVSS: CRITICAL (9.9) EPSS Score: 0.05% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|
|
CVE-2025-28890 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Lightview Plus allows Reflected XSS. This issue affects Lightview Plus: from n/a through 3.1.3.
CVSS: HIGH (7.1) EPSS Score: 0.04% SSVC Exploitation: none
March 26th, 2025 (3 months ago)
|