CyberAlerts

CVE-2024-24135

Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.

Description: Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.

CVSS: MEDIUM (6.1)

EPSS Score: 0.55%

SSVC Exploitation: poc

Source: CVE

June 5th, 2025 (3 days ago)

CVE-2024-24131

SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.

Description: SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.

CVSS: MEDIUM (6.1)

EPSS Score: 10.11%

SSVC Exploitation: none

Source: CVE

June 5th, 2025 (3 days ago)

CVE-2024-24019

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort...

Description: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

June 5th, 2025 (3 days ago)

CVE-2024-24014

A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters...

Description: A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

June 5th, 2025 (3 days ago)

CVE-2024-22027

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial...

Description: Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.

CVSS: MEDIUM (6.5)

EPSS Score: 0.51%

SSVC Exploitation: none

Source: CVE

June 5th, 2025 (3 days ago)

Alleged data breach of NBN Co

Description: Alleged data breach of NBN Co

Source: DarkWebInformer

June 5th, 2025 (3 days ago)

🏴‍☠️ Flocker has just published a new victim : A*****e.gov.ae

Description: To The Leadership Of A*****e D********t of L**d & R**l E****e We have breached main servers, And We Also Exfiltrated […]

Source: Ransomware.live

June 5th, 2025 (3 days ago)

Everyone's on the cyber target list

Description: In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware.

Source: Cisco Talos Blog

June 5th, 2025 (3 days ago)

Backdoored Malware Reels in Newbie Cybercriminals

Description: Sophos researchers found this operation has similarities or connections to many other campaigns targeting GitHub repositories dating back to August 2022.

Source: Dark Reading

June 5th, 2025 (3 days ago)

ZDI-25-325: Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability

Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-37099.

Source: Zero Day Initiative Published Advisories

June 5th, 2025 (3 days ago)

Threat and Vulnerability Intelligence Database

Example Searches: