CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-22711 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Maier Image Source Control allows Reflected XSS. This issue affects Image Source Control: from n/a through 2.29.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22710 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StoreApps Smart Manager allows Blind SQL Injection. This issue affects Smart Manager: from n/a through 8.52.0.
CVSS: HIGH (7.6) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22709 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.8.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22706 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.mihai Social Pug: Author Box allows Reflected XSS. This issue affects Social Pug: Author Box: from n/a through 1.0.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22661 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vcita.com Online Payments – Get Paid with PayPal, Square & Stripe allows Stored XSS. This issue affects Online Payments – Get Paid with PayPal, Square & Stripe: from n/a through 3.20.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22553 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Multiple Carousel allows SQL Injection. This issue affects Multiple Carousel: from n/a through 2.0.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22322 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Private Messages for UserPro allows Reflected XSS. This issue affects Private Messages for UserPro: from n/a through 4.10.0.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22318 |
Description: Missing Authorization vulnerability in Eniture Technology Standard Box Sizes – for WooCommerce. This issue affects Standard Box Sizes – for WooCommerce: from n/a through 1.6.13.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22311 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Private Messages for UserPro. This issue affects Private Messages for UserPro: from n/a through 4.10.0.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|
|
CVE-2025-22276 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enguerran Weiss Related Post Shortcode allows Stored XSS. This issue affects Related Post Shortcode: from n/a through 1.2.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 22nd, 2025 (5 months ago)
|