CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-23541 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon Download, Downloads allows Reflected XSS. This issue affects Download, Downloads : from n/a through 1.4.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-23540 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end login and register: from n/a through 2.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-23227 |
Description: IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-23012 |
Description: Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-23011 |
Description: Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
CVSS: HIGH (8.7) EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-22964 |
Description: DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-22768 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-22264 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-22153 |
Description: RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using `try/except*`, RestrictedPython starting in version 6.0 and prior to version 8.0 could be bypassed. The issue is patched in version 8.0 of RestrictedPython by removing support for `try/except*` clauses. No known workarounds are available.
CVSS: HIGH (7.9) EPSS Score: 0.04%
January 24th, 2025 (5 months ago)
|
|
CVE-2025-0650 |
Description: A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical switch with DNS records set on it and if the same switch has any egress ACLs configured. This issue can lead to unauthorized access to virtual machines and containers running on the OVN network.
EPSS Score: 0.05%
January 24th, 2025 (5 months ago)
|