CVE-2024-22107
Description: An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.
CVSS: HIGH (7.2); EPSS Score: 0.96%; SSVC Exploitation: poc
May 15th, 2025

CVE-2024-20813
Description: Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows a local attacker to execute arbitrary code.
CVSS: HIGH (8.4); EPSS Score: 0.09%; SSVC Exploitation: none
May 15th, 2025

CVE-2024-20812
Description: Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows a local attacker to execute arbitrary code.
CVSS: HIGH (8.4); EPSS Score: 0.04%; SSVC Exploitation: none
May 15th, 2025

CVE-2024-20007
Description: In the mp3 decoder, there is a possible out-of-bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.
CVSS: HIGH (7.5); EPSS Score: 1.61%; SSVC Exploitation: none
May 15th, 2025

CVE-2024-1225
Description: A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS: HIGH (7.3); EPSS Score: 0.1%; SSVC Exploitation: none
May 15th, 2025

CVE-2024-1197
Description: A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695.
CVSS: HIGH (7.3); EPSS Score: 0.04%; SSVC Exploitation: none
May 15th, 2025

CVE-2024-1149
Description: Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on macOS, Snow Software Inventory Agent on Windows, and Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.
CVSS: HIGH (7.8); EPSS Score: 0.03%; SSVC Exploitation: none
May 15th, 2025

CVE-2024-0324
Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.
CVSS: HIGH (8.2); EPSS Score: 45.96%; SSVC Exploitation: none
May 15th, 2025

CVE-2025-4713
Description: A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. The manipulation of the argument sid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3); EPSS Score: 0.03%
May 15th, 2025

CVE-2025-4711
Description: A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /pages/stockin_add.php. The manipulation of the argument prod_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3); EPSS Score: 0.03%; SSVC Exploitation: poc
May 15th, 2025