CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-35552	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component... Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35551	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35550	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev. Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35548	A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind... Description: A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications that avoid SQL injection. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35512	An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests. Description: An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35511	phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. Description: phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35510	An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via... Description: An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35504	A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a... Description: A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35492	Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows... Description: Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MQTT packet. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-35475	A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists... Description: A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)