CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2025-49072

Description: Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-38000

Description: In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue(). When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may trigger an immediate dequeue and potential packet drop. In such cases, qdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog have not yet been updated, leading to inconsistent queue accounting. This can leave an empty HFSC class in the active list, causing further consequences like use-after-free. This patch fixes the bug by moving the increment of sch->q.qlen and sch->qstats.backlog before the call to the child qdisc's peek() operation. This ensures that queue length and backlog are always accurate when packet drops or dequeues are triggered during the peek.

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-31025

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects Block allows Stored XSS. This issue affects Image Hover Effects Block: from n/a through 1.4.5.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-31000

Description: Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payment QR WooCommerce: from n/a through 1.1.6.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-30999

Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Fahad Mahmood WP Shopify allows PHP Local File Inclusion. This issue affects WP Shopify: from n/a through 1.5.3.

CVSS: HIGH (7.5)

EPSS Score: 0.13%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-30997

Description: Server-Side Request Forgery (SSRF) vulnerability in SmartDataSoft Car Repair Services allows Server Side Request Forgery. This issue affects Car Repair Services: from n/a through 5.0.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-30995

Description: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-30994

Description: Cross-Site Request Forgery (CSRF) vulnerability in Emraan Cheema CubeWP – All-in-One Dynamic Content Framework allows Cross Site Request Forgery. This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.23.

CVSS: MEDIUM (4.3)

EPSS Score: 0.02%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-30991

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Premium Packages allows Stored XSS. This issue affects Premium Packages: from n/a through 6.0.2.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)

CVE-2025-30990

Description: Missing Authorization vulnerability in ThemeHunk ThemeHunk allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeHunk: from n/a through 1.1.1.

CVSS: MEDIUM (4.3)

EPSS Score: 0.03%

Source: CVE
June 6th, 2025 (about 1 month ago)