CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

	UNITED NATURAL FOODS, INC. has Filed Form 8-K Due to a Cybersecurity Incident Description: UNITED NATURAL FOODS, INC. has Filed Form 8-K Due to a Cybersecurity Incident Source: DarkWebInformer June 9th, 2025 (4 days ago)
CVE-2024-42009	RoundCube Webmail Cross-Site Scripting Vulnerability Description: RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. Source: CISA KEV June 9th, 2025 (4 days ago)
CVE-2025-49136	listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Description: listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue. CVSS: CRITICAL (9.1) EPSS Score: 0.03% Source: CVE June 9th, 2025 (4 days ago)
CVE-2025-45002	Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. Description: Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. EPSS Score: 0.03% Source: CVE June 9th, 2025 (4 days ago)
CVE-2024-46452	A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect... Description: A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL. EPSS Score: 0.03% Source: CVE June 9th, 2025 (4 days ago)
CVE-2024-24304	In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. Description: In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. EPSS Score: 0.07% SSVC Exploitation: none Source: CVE June 9th, 2025 (4 days ago)
CVE-2024-24188	Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. Description: Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. EPSS Score: 0.59% SSVC Exploitation: none Source: CVE June 9th, 2025 (4 days ago)
CVE-2024-24021	A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters... Description: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list. CVSS: CRITICAL (9.8) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 9th, 2025 (4 days ago)
	Let them eat junk food: Major organic supplier to Whole Foods, Walmart, hit by cyberattack Source: TheRegister June 9th, 2025 (4 days ago)
	Types of Hackers Description: Types of Hackers Source: DarkWebInformer June 9th, 2025 (4 days ago)