Threat and Vulnerability Intelligence Database

CVE-2024-0668

Description: The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVSS: MEDIUM (6.6)

EPSS Score: 0.75%

SSVC Exploitation: none

Source: CVE
June 6th, 2025 (22 days ago)

CVE-2024-0212

Description: The Cloudflare WordPress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.

CVSS: HIGH (8.1)

EPSS Score: 0.58%

SSVC Exploitation: none

Source: CVE
June 6th, 2025 (22 days ago)

Description: Agentic AI technology will be integrated into the recently launched F5 Application Delivery and Security Platform.
Source: Dark Reading
June 6th, 2025 (22 days ago)

CVE-2025-5787

Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWsc of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.8)

EPSS Score: 0.2%

Source: CVE
June 6th, 2025 (22 days ago)

CVE-2025-5786

Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.8)

EPSS Score: 0.14%

Source: CVE
June 6th, 2025 (22 days ago)

CVE-2025-5785

Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: HIGH (8.7)

EPSS Score: 0.14%

SSVC Exploitation: poc

Source: CVE
June 6th, 2025 (22 days ago)

CVE-2025-5784

Description: A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
June 6th, 2025 (22 days ago)

CVE-2025-49599

Description: Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.

CVSS: MEDIUM (4.1)

EPSS Score: 0.01%

Source: CVE
June 6th, 2025 (22 days ago)

Description: Though the operation was partially disrupted earlier this year, the botnet remains active and continues to target connected Android devices.
Source: Dark Reading
June 6th, 2025 (22 days ago)

Description: Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. [...]
Source: BleepingComputer
June 6th, 2025 (22 days ago)