CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2025-21524

Description: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-51919

Description: Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

CVSS: CRITICAL (9.0)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-51888

Description: Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-51818

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-49688

Description: Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-49655

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-32555

Description: Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2024-13091

Description: The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin.

CVSS: CRITICAL (9.8)

EPSS Score: 0.09%

Source: CVE
January 22nd, 2025 (5 months ago)

CVE-2025-23220

Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_raca.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
January 21st, 2025 (5 months ago)

CVE-2025-23219

Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in the database, allowing unauthorized access to sensitive information. During the exploit, it was possible to perform a complete dump of the application's database, highlighting the severity of the flaw. This vulnerability is fixed in 3.2.10.

CVSS: CRITICAL (10.0)

EPSS Score: 0.04%

Source: CVE
January 21st, 2025 (5 months ago)