CVE-2024-24134 |
Description: Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.
CVSS: MEDIUM (4.8) EPSS Score: 0.73% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-24041 |
Description: A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.
CVSS: MEDIUM (6.1) EPSS Score: 0.16% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-23840 |
Description: GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. The `goreleaser release --debug` log shows secret values used in the custom publisher. This vulnerability is fixed in 1.24.0.
CVSS: MEDIUM (5.5) EPSS Score: 0.05% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-23822 |
Description: Thruk is a multibackend monitoring web interface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.
CVSS: MEDIUM (5.4) EPSS Score: 0.3% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-23791 |
Description: Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.
CVSS: MEDIUM (4.9) EPSS Score: 0.11% SSVC Exploitation: none
May 29th, 2025 (20 days ago)
|
CVE-2024-23034 |
Description: Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVSS: MEDIUM (6.1) EPSS Score: 0.16% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-23033 |
Description: Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVSS: MEDIUM (6.1) EPSS Score: 0.16% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-22551 |
Description: WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.
CVSS: MEDIUM (6.1) EPSS Score: 0.12% SSVC Exploitation: poc
May 29th, 2025 (20 days ago)
|
CVE-2024-21630 |
Description: Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams.
CVSS: MEDIUM (4.3) EPSS Score: 0.11% SSVC Exploitation: none
May 29th, 2025 (20 days ago)
|
CVE-2024-1111 |
Description: A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability.
CVSS: MEDIUM (4.3) EPSS Score: 0.13% SSVC Exploitation: none
May 29th, 2025 (20 days ago)
|