CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-36568
Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.
Description: Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36550
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close
Description: idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

EPSS Score: 0.07%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36549
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close
Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close

EPSS Score: 0.07%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36548
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del
Description: idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del

EPSS Score: 0.07%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36547
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add
Description: idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add

EPSS Score: 0.07%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36522
Apache Wicket: Remote code execution via XSLT injection
Description: The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-3652
IKEv1 default AH/ESP responder can cause libreswan to abort and restart
Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

EPSS Score: 0.04%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36497
Unhashed Storage of Password
Description: The decrypted configuration file contains the password in cleartext which is used to configure WINSelect. It can be used to remove the existing restrictions and disable WINSelect entirely.

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36496
Hardcoded Credentials
Description: The configuration file is encrypted with a static key derived from a static five-character password which allows an attacker to decrypt this file. The application hashes this five-character password with the outdated and broken MD5 algorithm (no salt) and uses the first five bytes as the key for RC4. The configuration file is then encrypted with these parameters.

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (5 months ago)

CVE-2024-36495
Read/Write Permissions for Everyone on Configuration File
Description: The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd

EPSS Score: 0.05%

Source: CVE
February 14th, 2025 (5 months ago)