CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

CVE-2024-57238

Description: Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57237

Description: Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/proc_get endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the browser to execute injected JavaScript code.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57175

Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.

CVSS: MEDIUM (5.4)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57099

Description: ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57098

Description: Moss v0.1.3 has an SQL injection vulnerability that allows attackers to inject carefully designed payloads into the order parameter.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57097

Description: ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-57004

Description: Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56946

Description: Denial of service in DNS-over-QUIC in Technitium DNS Server <= v13.2.2 allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads.

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56921

Description: An issue was discovered in Open5gs v2.7.2. An InitialUEMessage, Registration request sent at a specific time can crash the AMF due to incorrect error handling of the gmm_state_exception() function upon receipt of the Nausf_UEAuthentication_Authenticate response.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)

CVE-2024-56903

Description: A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to execute arbitrary operations by supplying a crafted HTTP request.

EPSS Score: 0.04%

Source: CVE
February 4th, 2025 (5 months ago)