CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-22912	RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. Description: RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. EPSS Score: 0.05% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-22907	RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. Description: RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. EPSS Score: 0.05% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-22906	RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. Description: RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. EPSS Score: 0.05% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-22905	RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. Description: RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. EPSS Score: 0.05% Source: CVE January 17th, 2025 (6 months ago)
CVE-2025-22904	RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. Description: RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. EPSS Score: 0.05% Source: CVE January 17th, 2025 (6 months ago)
CVE-2024-57811	In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is... Description: In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2024-57785	Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. Description: Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2024-57784	An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. Description: An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2024-57776	A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute... Description: A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. EPSS Score: 0.04% Source: CVE January 17th, 2025 (6 months ago)
CVE-2024-57775	JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. Description: JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. EPSS Score: 0.05% Source: CVE January 17th, 2025 (6 months ago)