CVE-2024-41724 |
Description: Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server.
This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.
CVSS: HIGH (8.7) EPSS Score: 0.02% SSVC Exploitation: none
March 10th, 2025 (4 months ago)
|
CVE-2025-26933 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
CVSS: HIGH (7.5) EPSS Score: 0.11%
March 10th, 2025 (4 months ago)
|
CVE-2025-26910 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBookit allows Stored XSS. This issue affects WPBookit: from n/a through 1.0.1.
CVSS: HIGH (7.1) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
CVE-2024-12604 |
Description: Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025.
CVSS: HIGH (7.3) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
CVE-2024-13919 |
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to improper encoding of route parameters in the debug-mode error page.
CVSS: HIGH (8.0) EPSS Score: 0.01%
March 10th, 2025 (4 months ago)
|
CVE-2024-13918 |
Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to improper encoding of request parameters in the debug-mode error page.
CVSS: HIGH (8.0) EPSS Score: 0.01%
March 10th, 2025 (4 months ago)
|
CVE-2025-27256 |
Description: Missing Authentication for Critical Function vulnerability in GE Vernova EnerVista UR Setup application allows Authentication Bypass due to missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network.
CVSS: HIGH (8.3) EPSS Score: 0.04%
March 10th, 2025 (4 months ago)
|
CVE-2025-27255 |
Description: Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hard-coded password retrievable by an attacker analyzing the application code.
CVSS: HIGH (8.0) EPSS Score: 0.02%
March 10th, 2025 (4 months ago)
|
CVE-2025-27254 |
Description: Improper Authentication vulnerability in GE Vernova EnerVista UR Setup allows Authentication Bypass.
The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.
CVSS: HIGH (8.0) EPSS Score: 0.03%
March 10th, 2025 (4 months ago)
|
CVE-2024-10629 |
Description: CVE-2024-10629: GPX Viewer Exploit
CVSS: HIGH (8.8)
March 10th, 2025 (4 months ago)
|