CVE-2025-49237 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor allows Path Traversal. This issue affects POEditor: from n/a through 0.9.10.
CVSS: HIGH (7.4) EPSS Score: 0.02%
June 6th, 2025 (23 days ago)
|
CVE-2025-49236 |
Description: Missing Authorization vulnerability in raychat Raychat allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Raychat: from n/a through 2.1.0.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (23 days ago)
|
CVE-2025-49235 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit Addons for Elementor allows Stored XSS. This issue affects RTMKit Addons for Elementor: from n/a through 1.6.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (23 days ago)
|
CVE-2025-49073 |
Description: Deserialization of Untrusted Data vulnerability in Axiomthemes Sweet Dessert allows Object Injection. This issue affects Sweet Dessert: from n/a before 1.1.13.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
June 6th, 2025 (23 days ago)
|
CVE-2025-49072 |
Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
June 6th, 2025 (23 days ago)
|
CVE-2025-38000 |
Description: In the Linux kernel, the following vulnerability has been resolved:
sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the
child qdisc's peek() operation before incrementing sch->q.qlen and
sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may
trigger an immediate dequeue and potential packet drop. In such cases,
qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog
have not yet been updated, leading to inconsistent queue accounting. This
can leave an empty HFSC class in the active list, causing further
consequences like use-after-free.
This patch fixes the bug by moving the increment of sch->q.qlen and
sch->qstats.backlog before the call to the child qdisc's peek() operation.
This ensures that queue length and backlog are always accurate when packet
drops or dequeues are triggered during the peek.
EPSS Score: 0.03%
June 6th, 2025 (23 days ago)
|
CVE-2025-31025 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (23 days ago)
|
CVE-2025-31000 |
Description: Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
June 6th, 2025 (23 days ago)
|
CVE-2025-30999 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fahad Mahmood WP Shopify allows PHP Local File Inclusion. This issue affects WP Shopify: from n/a through 1.5.3.
CVSS: HIGH (7.5) EPSS Score: 0.13%
June 6th, 2025 (23 days ago)
|
CVE-2025-30997 |
Description: Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.
CVSS: MEDIUM (5.4) EPSS Score: 0.03%
June 6th, 2025 (23 days ago)
|