CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-56056 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-53800 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-51715 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickWhale ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages allows Blind SQL Injection.This issue affects ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages: from n/a through 2.4.1.
CVSS: HIGH (8.5) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-51700 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 김 민준 (Minjun Kim) NAVER Analytics allows Stored XSS.This issue affects NAVER Analytics: from n/a through 0.9.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-49644 |
Description: Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through 1.3.4.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-49633 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-49249 |
Description: Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3.
CVSS: HIGH (8.6) EPSS Score: 0.04%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-12849 |
Description: The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS: HIGH (7.5) EPSS Score: 0.53%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-12633 |
Description: The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS: HIGH (7.1) EPSS Score: 0.05%
January 8th, 2025 (6 months ago)
|
|
CVE-2024-12535 |
Description: The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.
CVSS: HIGH (8.6) EPSS Score: 0.09%
January 8th, 2025 (6 months ago)
|