Threat and Vulnerability Intelligence Database

CVE-2024-56038

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendSMS allows Reflected XSS. This issue affects SendSMS: from n/a through 1.2.9.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-56037

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Maruf Adnan Sami User Referral allows Reflected XSS. This issue affects User Referral: from n/a through 8.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-56034

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad Services updates for customers allows Reflected XSS. This issue affects Services updates for customers: from n/a through 1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-56028

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS. This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-56027

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BizSwoop a CPF Concepts, LLC Brand Leads CRM allows Reflected XSS. This issue affects Leads CRM: from n/a through 2.0.13.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-56019

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gavin Rehkemper Inline Footnotes allows Stored XSS. This issue affects Inline Footnotes: from n/a through 2.3.0.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-56014

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS. This issue affects Olivia: from n/a through 0.9.5.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-12237

Description: The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to retrieve limited information from internal services.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-12132

Description: The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

Source: CVE
January 4th, 2025 (6 months ago)

CVE-2024-11733

Description: The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

CVSS: HIGH (7.3)

EPSS Score: 0.05%

Source: CVE
January 4th, 2025 (6 months ago)