CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-24671

Description: Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24667

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24665

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24664

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24662

Description: Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24653

Description: Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24628

Description: Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24626

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24612

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)

CVE-2025-24606

Description: Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.1.

CVSS: MEDIUM (6.4)

EPSS Score: 0.04%

Source: CVE
January 28th, 2025 (5 months ago)