CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-24708 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24689 |
Description: Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in codection Import and export users and customers allows Retrieve Embedded Sensitive Data. This issue affects Import and export users and customers: from n/a through 1.27.12.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24685 |
Description: Path Traversal vulnerability in MORKVA Morkva UA Shipping allows PHP Local File Inclusion. This issue affects Morkva UA Shipping: from n/a through 1.0.18.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24680 |
Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24671 |
Description: Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24667 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24665 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24664 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24662 |
Description: Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1.
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|
|
CVE-2025-24653 |
Description: Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
January 28th, 2025 (5 months ago)
|