CVE-2024-57599 |
Description: Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57523 |
Description: Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57430 |
Description: An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57429 |
Description: A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57428 |
Description: A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57427 |
Description: PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57426 |
Description: NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary code by placing a malicious DLL in a directory where the application loads dependencies. This vulnerability arises due to the improper validation of dynamically loaded libraries.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-57392 |
Description: Buffer Overflow vulnerability in ProFTPD commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-56889 |
Description: Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|
CVE-2024-55241 |
Description: An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component.
EPSS Score: 0.04%
February 7th, 2025 (5 months ago)
|