CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-34274	OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software... Description: OpenBD 20210306203917-6cbe797 is vulnerable to Deserialization of Untrusted Data. The cookies bdglobals and bdclient_spot of the OpenBD software uses serialized data, which can be used to execute arbitrary code on the system. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34273	njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method. Description: njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34256	OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. Description: OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34245	An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in... Description: An arbitrary file read vulnerability in DedeCMS v5.7.114 allows authenticated attackers to read arbitrary files by specifying any path in makehtml_js_action.php. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34243	Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. Description: Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34241	A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web... Description: A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications. EPSS Score: 0.05% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34240	QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or... Description: QDOCS Smart School 7.0.0 is vulnerable to Cross Site Scripting (XSS) resulting in arbitrary code execution in admin functions related to adding or updating records. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34231	A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or... Description: A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34230	A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or... Description: A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)
CVE-2024-34226	SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute... Description: SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters. EPSS Score: 0.04% Source: CVE February 14th, 2025 (5 months ago)