CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-22395

Description: Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22365

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22364

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App allows PHP Local File Inclusion.This issue affects Ach Invoice App: from n/a through 1.0.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22363

Description: Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22362

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Powerfusion WPAchievements Free allows Stored XSS.This issue affects WPAchievements Free: from n/a through 1.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22359

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PJFC SyncFields allows Reflected XSS.This issue affects SyncFields: from n/a through 2.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22358

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcon Simone Wp advertising management allows Reflected XSS.This issue affects Wp advertising management: from n/a through 1.0.3.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22357

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Plugins Target Notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through 1.1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22355

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kiKx Kikx Simple Post Author Filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through 1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22354

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)