CVE-2024-50724 |
Description: KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-50650 |
Description: python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-50649 |
Description: The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-50648 |
Description: yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-50647 |
Description: The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 and modify the ID value to obtain sensitive user information beyond authorization.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-49417 |
Description: Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
CVSS: LOW (2.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-49414 |
Description: Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.
CVSS: LOW (2.4) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-49203 |
Description: Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allow SQL/HQL injection in orderBy in JPAQuery.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-48536 |
Description: Incorrect access control in eSoft Planner 3.24.08271-USA allows attackers to view all transactions performed by the company via supplying a crafted web request.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|
CVE-2024-48533 |
Description: A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts.
CVSS: LOW (0.0) EPSS Score: 0.04%
December 4th, 2024 (7 months ago)
|