Threat and Vulnerability Intelligence Database

CVE-2024-57099

Description: ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57097

Description: ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57004

Description: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56903

Description: A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56902

Description: An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-55456

Description: lunasvg v3.0.1 was discovered to contain a segmentation violation via the component gray_find_cell.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-53943

Description: An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID field. If an administrator logs into the device, the injected script runs in their browser, executing the malicious payload.

EPSS Score: 0.05%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-53942

Description: An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to command injection via the 2.4 GHz and 5 GHz name parameters, allowing a remote attacker to execute arbitrary OS commands on the device (with root-level permissions) via crafted input.

EPSS Score: 0.05%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-50656

Description: itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-36437

Description: The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)