CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2019-19245	Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3 Description: Posted by hyp3rlinx on Feb 01Updated SQL Injection CVE-2019-19245 exploit for Python3. import requests,time,re,sys,argparse #NAPC Xinet Elegant 6 Asset Library v6.1.655 #Pre-Auth SQL Injection 0day Exploit #By hyp3rlinx #ApparitionSec #UPDATED: Jan 2024 for python3 #TODO: add SSL support #=============================== #This will dump tables, usernames and passwords in vulnerable versions #REQUIRE PARAMS:... Source: Full Disclosure Mailinglist February 2nd, 2025 (5 months ago)
	Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS) Description: Posted by David Fifield on Feb 01I tested a few more times, and it appears the text injection has disappeared. These are timestamps when I tested, with offsets relative to the initial discovery. +0h 2025-01-28 03:00 initial discovery +5h 2025-01-28 08:19 ?q=EgtoZWxsbyB3b3JsZA works (https://archive.is/DD9xB) +14h 2025-01-28 17:31 ?q=EgtoZWxsbyB3b3JsZA works (no archive) +45h... Source: Full Disclosure Mailinglist February 2nd, 2025 (5 months ago)
	APPLE-SA-01-30-2025-1 GarageBand 10.4.12 Description: Posted by Apple Product Security via Fulldisclosure on Feb 01APPLE-SA-01-30-2025-1 GarageBand 10.4.12 GarageBand 10.4.12 addresses the following issues. Information about the security content is also available at https://support.apple.com/121866. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. GarageBand Available for: macOS Sonoma 14.4 and later Impact: Processing a maliciously crafted image may lead to arbitrary... Source: Full Disclosure Mailinglist February 2nd, 2025 (5 months ago)
	9Lives - 109,515 breached accounts Description: In October 2014, the (now defunct) Belgian gaming news forum 9Lives suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed 109k unique email addresses along with usernames and salted MD5 password hashes. Source: HaveIBeenPwnedLatestBreaches February 2nd, 2025 (5 months ago)
CVE-2024-13099	Widget4call <= 1.0.7 - Reflected XSS Description: The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. EPSS Score: 0.04% Source: CVE February 2nd, 2025 (5 months ago)
	The CDC’s Website Is Being Actively Purged to Comply With Trump DEI Order Description: “CDC’s website is being modified to comply with President Trump’s Executive Orders.“ Source: 404 Media February 1st, 2025 (5 months ago)
	0mid16B Claims to have Leaked the Data of Cardinal Health Description: 0mid16B Claims to have Leaked the Data of Cardinal Health Source: DarkWebInformer February 1st, 2025 (5 months ago)
	A Threat Actor Claims to be Selling Data of Spanish Hospital in Mexico Description: A Threat Actor Claims to be Selling Data of Spanish Hospital in Mexico Source: DarkWebInformer February 1st, 2025 (5 months ago)
	A Threat Actor Claims to have Leaked the Data of Colis Express S.A. Description: A Threat Actor Claims to have Leaked the Data of Colis Express S.A. Source: DarkWebInformer February 1st, 2025 (5 months ago)
	A Threat Actor Claims to have Leaked Data of Telkomsel Description: A Threat Actor Claims to have Leaked Data of Telkomsel Source: DarkWebInformer February 1st, 2025 (5 months ago)