CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-32499
Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.
Description: Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.

CVSS: MEDIUM (4.9)

EPSS Score: 0.1%

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-27937
Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If...
Description: Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory ('Path Traversal'). If exploited, an arbitrary file in the affected product may be obtained by a remote attacker who can log in to the product.

CVSS: MEDIUM (6.5)

EPSS Score: 0.06%

SSVC Exploitation: none

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-4025
itsourcecode Placement Management System registration.php sql injection
Description: A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. In itsourcecode Placement Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /registration.php. Durch das Manipulieren des Arguments Name mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-4024
itsourcecode Placement Management System add_drive.php sql injection
Description: A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /add_drive.php. The manipulation of the argument drive_title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Es wurde eine kritische Schwachstelle in itsourcecode Placement Management System 1.0 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /add_drive.php. Mittels Manipulieren des Arguments drive_title mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-31144
Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote...
Description: Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running.

CVSS: MEDIUM (5.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-23377
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high...
Description: Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs.

CVSS: MEDIUM (4.2)

EPSS Score: 0.01%

SSVC Exploitation: none

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2024-8372
AngularJS improper sanitization in 'srcset' attribute
Description: Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects AngularJS versions 1.3.0-rc.4 and greater. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVSS: MEDIUM (4.8)

EPSS Score: 0.15%

SSVC Exploitation: poc

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-4022
web-arena-x webarena evaluators.py HTMLContentEvaluator code injection
Description: A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluation_harness/evaluators.py. The manipulation of the argument target["url"] leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. In web-arena-x webarena bis 0.2.0 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion HTMLContentEvaluator der Datei webarena/evaluation_harness/evaluators.py. Durch Manipulation des Arguments target["url"] mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2024-8373
AngularJS improper sanitization in '' element
Description: Improper sanitization of the value of the [srcset] attribute in HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/Content_Spoofing . This issue affects all versions of AngularJS. Note: The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here https://docs.angularjs.org/misc/version-support-status .

CVSS: MEDIUM (4.8)

EPSS Score: 0.03%

SSVC Exploitation: poc

Source: CVE
April 28th, 2025 (2 months ago)

CVE-2025-4021
code-projects Patient Record Management System edit_spatient.php sql injection
Description: A vulnerability was found in code-projects Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit_spatient.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Es wurde eine Schwachstelle in code-projects Patient Record Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /edit_spatient.php. Durch die Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.03%

Source: CVE
April 28th, 2025 (2 months ago)