Threat and Vulnerability Intelligence Database

CVE-2024-22302

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS. This issue affects Albo Pretorio On line: from n/a through 4.6.6.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2024-22291

Description: Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color. This issue affects Browser Theme Color: from n/a through 1.3.

CVSS: MEDIUM (4.3)

EPSS Score: 0.07%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-48378

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-48377

Description: DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module actions. Version 9.13.9 fixes the issue.

CVSS: MEDIUM (6.0)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-48375

Description: Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP request functionality. This vulnerability can be exploited to send an excessive number of OTP emails, leading to potential denial-of-service (DoS) conditions or facilitating user harassment through email flooding. Version 1.0.1 fixes the issue.

CVSS: MEDIUM (6.6)

EPSS Score: 0.06%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2025-32967

Description: OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2024-51103

Description: PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.

CVSS: MEDIUM (6.5)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2024-51099

Description: A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter.

CVSS: MEDIUM (6.1)

EPSS Score: 0.04%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2024-48702

Description: PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE
May 23rd, 2025 (27 days ago)

CVE-2024-43687

Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7.

CVSS: MEDIUM (6.1)

EPSS Score: 0.18%

SSVC Exploitation: none

Source: CVE
May 23rd, 2025 (27 days ago)