CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE-2019-19245

Description: Posted by hyp3rlinx on Feb 01Updated SQL Injection CVE-2019-19245 exploit for Python3. import requests,time,re,sys,argparse #NAPC Xinet Elegant 6 Asset Library v6.1.655 #Pre-Auth SQL Injection 0day Exploit #By hyp3rlinx #ApparitionSec #UPDATED: Jan 2024 for python3 #TODO: add SSL support #=============================== #This will dump tables, usernames and passwords in vulnerable versions #REQUIRE PARAMS:...
Source: Full Disclosure Mailinglist
February 2nd, 2025 (5 months ago)
Description: Posted by David Fifield on Feb 01I tested a few more times, and it appears the text injection has disappeared. These are timestamps when I tested, with offsets relative to the initial discovery. +0h 2025-01-28 03:00 initial discovery +5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works (https://archive.is/DD9xB) +14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works (no archive) +45h...
Source: Full Disclosure Mailinglist
February 2nd, 2025 (5 months ago)
Description: Posted by Apple Product Security via Fulldisclosure on Feb 01APPLE-SA-01-30-2025-1 GarageBand 10.4.12 GarageBand 10.4.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/121866. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. GarageBand Available for: macOS Sonoma 14.4 and later Impact: Processing a maliciously crafted image may lead to arbitrary...
Source: Full Disclosure Mailinglist
February 2nd, 2025 (5 months ago)
Description: In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes.
Source: HaveIBeenPwnedLatestBreaches
February 2nd, 2025 (5 months ago)

CVE-2024-13099

Description: The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

EPSS Score: 0.04%

Source: CVE
February 2nd, 2025 (5 months ago)
Description: “CDC’s website is being modified to comply with President Trump’s Executive Orders.“
Source: 404 Media
February 1st, 2025 (5 months ago)
Description: 0mid16B Claims to have Leaked the Data of Cardinal Health
Source: DarkWebInformer
February 1st, 2025 (5 months ago)
Description: A Threat Actor Claims to be Selling Data of Spanish Hospital in Mexico
Source: DarkWebInformer
February 1st, 2025 (5 months ago)
Description: A Threat Actor Claims to have Leaked the Data of Colis Express S.A.
Source: DarkWebInformer
February 1st, 2025 (5 months ago)
Description: A Threat Actor Claims to have Leaked Data of Telkomsel
Source: DarkWebInformer
February 1st, 2025 (5 months ago)