CVE-2025-43923 |
Description: An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
June 3rd, 2025 (12 days ago)
|
CVE-2024-45655 |
Description: IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVSS: MEDIUM (5.5) EPSS Score: 0.01% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
CVE-2024-23178 |
Description: An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.
CVSS: MEDIUM (5.4) EPSS Score: 0.35% SSVC Exploitation: poc
June 3rd, 2025 (12 days ago)
|
CVE-2024-23177 |
Description: An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.
CVSS: MEDIUM (6.1) EPSS Score: 0.39% SSVC Exploitation: poc
June 3rd, 2025 (12 days ago)
|
CVE-2024-23173 |
Description: An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.
CVSS: MEDIUM (6.1) EPSS Score: 0.39% SSVC Exploitation: poc
June 3rd, 2025 (12 days ago)
|
CVE-2024-22494 |
Description: A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVSS: MEDIUM (5.4) EPSS Score: 0.08% SSVC Exploitation: poc
June 3rd, 2025 (12 days ago)
|
CVE-2024-22492 |
Description: A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
CVSS: MEDIUM (5.4) EPSS Score: 0.12% SSVC Exploitation: poc
June 3rd, 2025 (12 days ago)
|
CVE-2024-22368 |
Description: The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
CVSS: MEDIUM (5.5) EPSS Score: 0.03% SSVC Exploitation: poc
June 3rd, 2025 (12 days ago)
|
CVE-2024-22028 |
Description: An insufficient technical documentation issue exists in all firmware versions of the thermal camera TMC series. The user of the affected product is not aware of the internally saved data. By physically accessing the affected product, an attacker may retrieve the internal data.
CVSS: MEDIUM (4.6) EPSS Score: 0.04% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|
CVE-2024-21738 |
Description: SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to the confidentiality of the application data after successful exploitation.
CVSS: MEDIUM (4.1) EPSS Score: 0.2% SSVC Exploitation: none
June 3rd, 2025 (12 days ago)
|