CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24085 |
🚨 Marked as known exploited on January 28th, 2025 (5 months ago).
Description: A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS: HIGH (7.8) EPSS Score: 0.21%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23982 |
Description: Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23935 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS.
This issue affects Magic Google Maps: from n/a through 1.0.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23885 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5.2.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23849 |
Description: Missing Authorization vulnerability in Benjamin Piwowarski PAPERCITE allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PAPERCITE: from n/a through 0.5.18.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23839 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23838 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23837 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from n/a through 1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23792 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Busters Passwordless WP – Login with your glance or fingerprint allows Reflected XSS. This issue affects Passwordless WP – Login with your glance or fingerprint: from n/a through 1.1.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-23756 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Chernyakov LawPress – Law Firm Website Management allows Reflected XSS. This issue affects LawPress – Law Firm Website Management: from n/a through 1.4.5.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|