CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-26966 |
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in Aldo Latino PrivateContent. This issue affects PrivateContent: from n/a through 8.11.5.
CVSS: CRITICAL (9.8) EPSS Score: 0.08% SSVC Exploitation: none
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26965 |
Description: Authorization Bypass Through User-Controlled Key vulnerability in ameliabooking Amelia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Amelia: from n/a through 1.2.16.
CVSS: MEDIUM (5.3) EPSS Score: 0.04% SSVC Exploitation: none
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26964 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.
CVSS: HIGH (7.5) EPSS Score: 0.12% SSVC Exploitation: none
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26963 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in flowdee ClickWhale allows Cross Site Request Forgery. This issue affects ClickWhale: from n/a through 2.4.3.
CVSS: MEDIUM (5.4) EPSS Score: 0.02%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26962 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab Easy Contact Form Lite allows Stored XSS. This issue affects Easy Contact Form Lite : from n/a through 1.1.25.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26960 |
Description: Missing Authorization vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.05%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26957 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Deetronix Affiliate Coupons allows PHP Local File Inclusion. This issue affects Affiliate Coupons: from n/a through 1.7.3.
CVSS: HIGH (7.5) EPSS Score: 0.12%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26952 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Business Card Block allows Stored XSS. This issue affects Business Card Block: from n/a through 1.0.5.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26949 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Team Section Block allows Stored XSS. This issue affects Team Section Block: from n/a through 1.0.9.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
February 25th, 2025 (4 months ago)
|
|
CVE-2025-26948 |
Description: Missing Authorization vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.
CVSS: MEDIUM (4.3) EPSS Score: 0.03%
February 25th, 2025 (4 months ago)
|