CVE-2025-22603 |
Description: AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Versions prior to autogpt-platform-beta-v0.4.2 contain a server-side request forgery (SSRF) vulnerability in the `Send Web Request` component (or block). The root cause is that IPv6 addresses are not restricted or filtered, which allows attackers to perform a server-side request forgery to reach an IPv6 service. autogpt-platform-beta-v0.4.2 fixes the issue.
CVSS: HIGH (7.7) EPSS Score: 0.06%
March 10th, 2025 (4 months ago)
|
CVE-2024-43107 |
Description: Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin.
This issue affects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.
CVSS: HIGH (7.2) EPSS Score: 0.03% SSVC Exploitation: none
March 10th, 2025 (4 months ago)
|
CVE-2024-41724 |
Description: Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.
CVSS: HIGH (8.7) EPSS Score: 0.02% SSVC Exploitation: none
March 10th, 2025 (4 months ago)
|
CVE-2025-26933 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 10th, 2025 (4 months ago)
|
CVE-2025-26910 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
CVE-2024-12604 |
Description: Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025.
CVSS: HIGH (7.3) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
CVE-2024-13919 |
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
CVSS: HIGH (8.0) EPSS Score: 0.01%
March 10th, 2025 (4 months ago)
|
CVE-2024-13918 |
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
CVSS: HIGH (8.0) EPSS Score: 0.01%
March 10th, 2025 (4 months ago)
|
CVE-2025-27256 |
Description: Missing Authentication for Critical Function vulnerability in GE Vernova EnerVista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network.
CVSS: HIGH (8.3) EPSS Score: 0.04%
March 10th, 2025 (4 months ago)
|
CVE-2025-27255 |
Description: Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code.
CVSS: HIGH (8.0) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|