CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-0461 |
Description: A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Shanghai Lingdang Information Technology Lingdang CRM bis 8.6.0.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. Dank der Manipulation des Arguments pathfile mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0460 |
Description: A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in Blog Botz for Journal Theme 1.0 für OpenCart gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei /index.php?route=extension/module/blog_add. Durch Beeinflussen des Arguments image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0459 |
Description: A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. Eine problematische Schwachstelle wurde in libretro RetroArch bis 1.19.1 für Windows entdeckt. Es geht hierbei um eine nicht näher spezifizierte Funktion in der Bibliothek profapi.dll der Komponente Startup. Durch das Beeinflussen mit unbekannten Daten kann eine untrusted search path-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren.
CVSS: MEDIUM (4.8) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0458 |
Description: A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Virtual Computer Vysual RH Solution 2024.12.1 wurde eine problematische Schwachstelle entdeckt. Es geht um eine nicht näher bekannte Funktion der Datei /index.php der Komponente Login Panel. Durch Manipulieren des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0394 |
Description: The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: HIGH (8.8) EPSS Score: 0.07%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0393 |
Description: The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.05%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0070 |
Description: SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0069 |
Description: Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server.
CVSS: HIGH (7.8) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0068 |
Description: An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|
|
CVE-2025-0067 |
Description: Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application.
CVSS: MEDIUM (6.3) EPSS Score: 0.04%
January 15th, 2025 (6 months ago)
|