CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-22511

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS.This issue affects Slides & Presentations: from n/a through 0.0.39.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22507

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia ([email protected]) WPMU Prefill Post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through 1.02.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22503

Description: Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress – enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress – enable debug: from n/a through 1.0.13.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22502

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1.

CVSS: HIGH (7.6)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22500

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22395

Description: Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker.

CVSS: HIGH (8.2)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22365

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22364

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App allows PHP Local File Inclusion.This issue affects Ach Invoice App: from n/a through 1.0.1.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22363

Description: Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)

CVE-2025-22362

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Powerfusion WPAchievements Free allows Stored XSS.This issue affects WPAchievements Free: from n/a through 1.2.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 8th, 2025 (6 months ago)