CyberAlerts

CVE-2024-0265

SourceCodester Clinic Queuing System GET Parameter index.php file inclusion

Description: A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. Eine Schwachstelle wurde in SourceCodester Clinic Queuing System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /index.php der Komponente GET Parameter Handler. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.48%

SSVC Exploitation: poc

Source: CVE

June 9th, 2025 (5 days ago)

Alleged database sale of Podoservice

Description: Alleged database sale of Podoservice

Source: DarkWebInformer

June 9th, 2025 (5 days ago)

Girls Do Porn Ringleader Pleads Guilty, Faces Life In Prison

Description: Michael Pratt led Girls Do Porn, a sex trafficking operation that targeted hundreds of young women with force, fraud and coercion.

Source: 404 Media

June 9th, 2025 (5 days ago)

CVE-2025-5888

jsnjfz WebStack-Guns cross-site request forgery

Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In jsnjfz WebStack-Guns 1.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.02%

Source: CVE

June 9th, 2025 (5 days ago)

CVE-2025-5887

jsnjfz WebStack-Guns File Upload UserMgrController.java cross site scripting

Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in jsnjfz WebStack-Guns 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei UserMgrController.java der Komponente File Upload. Mittels Manipulieren des Arguments File mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.1)

EPSS Score: 0.03%

Source: CVE

June 9th, 2025 (5 days ago)

CVE-2025-49653

Exposure of sensitive Information allows account takeover

Description: Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

CVSS: HIGH (8.0)

EPSS Score: 0.04%

Source: CVE

June 9th, 2025 (5 days ago)

CVE-2025-49652

Improper access control allows arbitrary account creation

Description: Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

June 9th, 2025 (5 days ago)

CVE-2025-49651

Missing Authorization for Interactive Sessions

Description: Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE

June 9th, 2025 (5 days ago)

CVE-2025-46041

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description...

Description: A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

CVSS: MEDIUM (5.4)

EPSS Score: 0.03%

Source: CVE

June 9th, 2025 (5 days ago)

CVE-2025-45001

react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext...

Description: react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools.

CVSS: HIGH (7.5)

EPSS Score: 0.01%

Source: CVE

June 9th, 2025 (5 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-0265	SourceCodester Clinic Queuing System GET Parameter index.php file inclusion Description: A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. Eine Schwachstelle wurde in SourceCodester Clinic Queuing System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht näher spezifizierte Funktion der Datei /index.php der Komponente GET Parameter Handler. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine file inclusion-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.3) EPSS Score: 0.48% SSVC Exploitation: poc Source: CVE June 9th, 2025 (5 days ago)
	Alleged database sale of Podoservice Description: Alleged database sale of Podoservice Source: DarkWebInformer June 9th, 2025 (5 days ago)
	Girls Do Porn Ringleader Pleads Guilty, Faces Life In Prison Description: Michael Pratt led Girls Do Porn, a sex trafficking operation that targeted hundreds of young women with force, fraud and coercion. Source: 404 Media June 9th, 2025 (5 days ago)
CVE-2025-5888	jsnjfz WebStack-Guns cross-site request forgery Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In jsnjfz WebStack-Guns 1.0 wurde eine problematische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.3) EPSS Score: 0.02% Source: CVE June 9th, 2025 (5 days ago)
CVE-2025-5887	jsnjfz WebStack-Guns File Upload UserMgrController.java cross site scripting Description: A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine problematische Schwachstelle in jsnjfz WebStack-Guns 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei UserMgrController.java der Komponente File Upload. Mittels Manipulieren des Arguments File mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.1) EPSS Score: 0.03% Source: CVE June 9th, 2025 (5 days ago)
CVE-2025-49653	Exposure of sensitive Information allows account takeover Description: Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. CVSS: HIGH (8.0) EPSS Score: 0.04% Source: CVE June 9th, 2025 (5 days ago)
CVE-2025-49652	Improper access control allows arbitrary account creation Description: Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled. CVSS: CRITICAL (9.8) EPSS Score: 0.05% Source: CVE June 9th, 2025 (5 days ago)
CVE-2025-49651	Missing Authorization for Interactive Sessions Description: Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. CVSS: HIGH (8.1) EPSS Score: 0.04% Source: CVE June 9th, 2025 (5 days ago)
CVE-2025-46041	A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description... Description: A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). CVSS: MEDIUM (5.4) EPSS Score: 0.03% Source: CVE June 9th, 2025 (5 days ago)
CVE-2025-45001	react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext... Description: react-native-keys 0.7.11 is vulnerable to sensitive information disclosure (remote) as encryption cipher and Base64 chunks are stored as plaintext in the compiled native binary. Attackers can extract these secrets using basic static analysis tools. CVSS: HIGH (7.5) EPSS Score: 0.01% Source: CVE June 9th, 2025 (5 days ago)