CVE-2024-57556 |
Description: Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-57386 |
Description: Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-57329 |
Description: HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57328 |
Description: A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.
EPSS Score: 0.11%
January 25th, 2025 (5 months ago)
|
CVE-2024-57326 |
Description: A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57277 |
Description: InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-57184 |
Description: An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_process_pmt in media_tools/mpegts.c:2163 that can cause a denial of service (DoS) via a crafted MP4 file.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57095 |
Description: SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload.
EPSS Score: 0.04%
January 25th, 2025 (5 months ago)
|
CVE-2024-57041 |
Description: A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|
CVE-2024-56404 |
Description: In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.
CVSS: CRITICAL (9.9)
EPSS Score: 0.05%
January 25th, 2025 (5 months ago)
|