Threat and Vulnerability Intelligence Database

CVE-2025-23227

Description: IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVSS: MEDIUM (6.4)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-23012

Description: Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-23011

Description: Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).

CVSS: HIGH (8.7)

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-22964

Description: DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-22768

Description: Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-22264

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a through 1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-22153

Description: RestrictedPython is a tool that helps to define a subset of the Python language, allowing program input to be provided to a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.

CVSS: HIGH (7.9)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-0650

Description: A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.

EPSS Score: 0.05%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-0648

Description: Unexpected server crash in database driver in M-Files Server before 25.1.14445.5 allows a highly privileged attacker to cause denial of service via configuration change.

CVSS: MEDIUM (5.9)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)

CVE-2025-0637

Description: It has been found that the Beta10 software does not provide proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to access private areas and/or areas intended for other roles. The vulnerability has been identified at least in the file or path '/app/tools.html'.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 24th, 2025 (5 months ago)