CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2025-49136	listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user Description: listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the `env` and `expandenv` template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-user (super admin) installations, on multi-user installations, this allows non-super-admin users with campaign or template permissions to use the `{{ env }}` template expression to capture sensitive environment variables. Users should upgrade to v5.0.2 to mitigate the issue. CVSS: CRITICAL (9.1) EPSS Score: 0.03% Source: CVE June 9th, 2025 (13 days ago)
CVE-2025-45002	Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. Description: Vigybag v1.0 and before is vulnerable to Cross Site Scripting (XSS) via the upload profile picture function under my profile. CVSS: MEDIUM (5.4) EPSS Score: 0.03% Source: CVE June 9th, 2025 (13 days ago)
CVE-2024-46452	A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect... Description: A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL. CVSS: MEDIUM (6.1) EPSS Score: 0.03% Source: CVE June 9th, 2025 (13 days ago)
CVE-2024-24304	In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. Description: In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction. EPSS Score: 0.07% SSVC Exploitation: none Source: CVE June 9th, 2025 (13 days ago)
CVE-2024-24188	Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. Description: Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. EPSS Score: 0.61% SSVC Exploitation: none Source: CVE June 9th, 2025 (13 days ago)
CVE-2024-24021	A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters... Description: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list. CVSS: CRITICAL (9.8) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 9th, 2025 (13 days ago)
	Let them eat junk food: Major organic supplier to Whole Foods, Walmart, hit by cyberattack Source: TheRegister June 9th, 2025 (13 days ago)
	Types of Hackers Description: Types of Hackers Source: DarkWebInformer June 9th, 2025 (13 days ago)
	Alleged Data Breach of Locate Family Description: Alleged Data Breach of Locate Family Source: DarkWebInformer June 9th, 2025 (13 days ago)
	Brett Leatherman to follow Bryan Vorndran as head of FBI Cyber Division Description: A longtime FBI official with deep cybersecurity experience is the new leader for the bureau's Cyber Division. Source: The Record June 9th, 2025 (13 days ago)