CVE-2025-23626 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidetoshi Fukushima Kumihimo allows Reflected XSS. This issue affects Kumihimo: from n/a through 1.0.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|
CVE-2025-23624 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Benoit WpDevTool allows Reflected XSS. This issue affects WpDevTool: from n/a through 0.1.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|
CVE-2025-23545 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Navnish Bhardwaj WP Social Broadcast allows Reflected XSS. This issue affects WP Social Broadcast: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|
CVE-2025-23544 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN allows Reflected XSS. This issue affects StatPressCN: from n/a through 1.9.1.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|
CVE-2025-23541 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon Download, Downloads allows Reflected XSS. This issue affects Download, Downloads: from n/a through 1.4.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|
CVE-2025-23540 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end login and register: from n/a through 2.1.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|
CVE-2025-23227 |
Description: IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS: MEDIUM (6.4) EPSS Score: 0.05%
January 24th, 2025 (6 months ago)
|
CVE-2025-23012 |
Description: Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read local files by manipulating datastreams. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
CVSS: HIGH (7.5) EPSS Score: 0.05%
January 24th, 2025 (6 months ago)
|
CVE-2025-23011 |
Description: Fedora Repository 3.8.1 allows path traversal when extracting uploaded archives ("Zip Slip"). A remote, authenticated attacker can upload a specially crafted archive that will extract an arbitrary JSP file to a location that can be executed by an unauthenticated GET request. Fedora Repository 3.8.1 was released on 2015-06-11 and is no longer maintained. Migrate to a currently supported version (6.5.1 as of 2025-01-23).
CVSS: HIGH (8.7) EPSS Score: 0.05%
January 24th, 2025 (6 months ago)
|
CVE-2025-22964 |
Description: DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers to inject malicious SQL queries by directly incorporating user-supplied input into database queries without proper escaping or validation. Exploiting this issue enables unauthorized access, manipulation of data, or exposure of sensitive information, posing significant risks to the integrity and confidentiality of the application.
EPSS Score: 0.04%
January 24th, 2025 (6 months ago)
|