CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
Scientists Just Discovered a Lost Ancient Culture That Vanished
Description: Plus: a surprising case of galactic eschatology, nematode cheerleading pyramids, ancient makeup kits, and more.
Source: 404 Media
June 7th, 2025 (21 days ago)

CVE-2025-5568
WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
June 7th, 2025 (21 days ago)

CVE-2025-5528
Social Sharing Plugin – Sassy Social Share <= 3.3.75 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter
Description: The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.08%

Source: CVE
June 7th, 2025 (21 days ago)

CVE-2024-9994
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cros...
Description: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_tooltip_content parameter of the Pricing Table Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
June 7th, 2025 (21 days ago)

CVE-2024-9993
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.1.12 - Authenticated(Contributor+) Stored Cros...
Description: The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details_text parameter of Event Calendar Widget in all versions up to, and including, 6.1.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: MEDIUM (6.4)

EPSS Score: 0.03%

Source: CVE
June 7th, 2025 (21 days ago)
🏴‍☠️ Worldleaks has just published a new victim : AntFarm
Description: [AI generated] AntFarm is a business incubator based in Mumbai, India. It focuses on developing early-stage businesses, including start-ups, in the digital media and technology sectors. AntFarm helps companies grow by providing resources, tech support, mentorship, and funding. Its portfolio includes companies like Stylista, Fork Media, and Propelld.
Source: Ransomware.live
June 7th, 2025 (21 days ago)
🏴‍☠️ Devman has just published a new victim : NSSF KENYA /nssf.zip - first samle /nssfwriteup.html - writeup
Description: 4.5 million USD
Source: Ransomware.live
June 7th, 2025 (21 days ago)
🏴‍☠️ Incransom has just published a new victim : waiwhetu-medical-centre
Description: Waiwhetū Medical Centre operates under the korowai of Te Rūnganganui o Te Āti Awa. The team apply a whānau approach to deliver wrap around support services that aim to identify and meet the needs of whānau living in Te Awa Kairangi.
Source: Ransomware.live
June 7th, 2025 (21 days ago)

CVE-2025-5303
LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2....
Description: The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS: HIGH (7.2)

EPSS Score: 0.12%

Source: CVE
June 7th, 2025 (21 days ago)

CVE-2025-5399
WebSocket endless loop
Description: Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
June 7th, 2025 (21 days ago)