CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Check out a new roadmap for adopting quantum-resistant cryptography. Plus, find out how your company can create a better cybersecurity environment. In addition, MITRE warns about protecting critical infrastructure from cyber war. And get the latest on exposure response strategies and on CISO compensation and job satisfaction.Dive into five things that are top of mind for the week ending June 6.1 - Group releases roadmap for adopting post-quantum cryptographyIs your organization looking for guidance on how to carry out its migration to post-quantum cryptography (PQC)? A group that includes MITRE, Microsoft and IBM just released a roadmap designed to help organizations plan and execute their adoption of PQC.Titled “Post-Quantum Cryptography (PQC) Migration Roadmap,” the 20-page document from the “Post Quantum Cryptography Coalition” breaks down PQC migrations into four major stages:Preparation, which includes identifying the transition’s main goals, assigning a project leader and identifying key stakeholdersBaseline understanding, which includes a comprehensive inventory of the data and assets to be protected, as well as determining required resources and budgets.Planning and execution, which includes collaboration with internal and external partners to either acquire or develop the necessary tools for the migrationMonitoring and evaluation, which includes establishing metrics for tracking the project’s progress and for reassessing cryptographic security, based on the evolut...
June 6th, 2025 (25 days ago)
|
CVE-2025-5761 |
Description: A vulnerability, which was classified as critical, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file /edit-family-member.php. The manipulation of the argument memberage leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PHPGurukul BP Monitoring Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /edit-family-member.php. Durch die Manipulation des Arguments memberage mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (5.3) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-5760 |
Description: The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
CVSS: MEDIUM (4.9) EPSS Score: 0.04%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-5759 |
Description: A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In PHPGurukul Local Services Search Engine Management System 2.1 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/edit-person-detail.php?editid=2. Mit der Manipulation des Arguments editid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.
CVSS: HIGH (7.3) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-5758 |
Description: A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Es wurde eine Schwachstelle in SourceCodester Open Source Clinic Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /doctor.php. Dank Manipulation des Arguments doctorname mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.
CVSS: MEDIUM (6.9) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-5239 |
Description: The Domain For Sale plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class_name’ parameter in all versions up to, and including, 3.0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS: MEDIUM (6.4) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-49077 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.02%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-49076 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Innovations The Plus Addons for Elementor Page Builder Lite allows Stored XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 6.2.7.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-49075 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Wishlist allows Stored XSS.This issue affects Wishlist: from n/a through 1.0.43.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|
|
CVE-2025-49074 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemesGrove WidgetKit allows Stored XSS.This issue affects WidgetKit: from n/a through 2.5.4.
CVSS: MEDIUM (6.5) EPSS Score: 0.03%
June 6th, 2025 (25 days ago)
|