
40 matches found

Nuclei
added 6 days ago · 9 views

NetAlertX 23.01.14–24.x < 24.10.12 - Remote Code Execution

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php. id: CVE-2024-46506 info: name:...

CVSS 10 · AI score 7.3 · EPSS 0.90959
Exploits: 5
GithubExploit
added 2025/12/27 10:07 p.m. · 190 views

Exploit for Missing Authentication for Critical Function in Netalertx

CVE-2024-46506 This is a standalone Python implementation for...

CVSS 10 · AI score 6.9 · EPSS 0.90959
Exploits: 5
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-16309

Malicious code in bioql PyPI...

CVSS 10 · AI score 6.5 · EPSS 0.00333
Exploits: 0 · References: 2
RedhatCVE
added 2025/07/06 10:21 p.m. · 5 views

CVE-2025-48952

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...

CVSS 9.4 · AI score 6.8 · EPSS 0.00543
Exploits: 1 · References: 1
NVD
added 2025/07/04 11:15 p.m. · 2 views

CVE-2025-48952

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...

CVSS 9.4 · EPSS 0.00543
Exploits: 1 · References: 1
Vulnrichment
added 2025/07/04 10:12 p.m. · 4 views

CVE-2025-48952 NetAlertX has Password Bypass Vulnerability due to Loose Comparison in PHP

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...

CVSS 9.4 · AI score 7.5 · EPSS 0.00543
Exploits: 1 · References: 1
CVE
added 2025/07/04 10:12 p.m. · 22 views

CVE-2025-48952

NetAlertX (pre-25.6.7) contains an authentication bypass vulnerability in the PHP login check. The issue arises from a loose comparison using the == operator in front/index.php (line 40), which allows specially crafted SHA-256 magic hashes to bypass password verification. Hash values starting wit...

CVSS 9.4 · AI score 6.8 · EPSS 0.00543
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2025/07/04 12:00 a.m. · 2 views

NetAlertX Security Vulnerability

NetAlertX is a network intruder and presence detector from individual developer jokob-sk. A security vulnerability exists in NetAlertX versions prior to 25.6.7, which stems from a SHA-256 magic hash authentication bypass that could lead to login bypass...

CVSS 9.4 · AI score 6.7 · EPSS 0.00543
Exploits: 1 · References: 3
Positive Technologies
added 2025/06/07 12:00 a.m. · 3 views

PT-2025-28025 · Netalertx · Netalertx

Name of the Vulnerable Software and Affected Versions: NetAlertX versions prior to 25.6.7 Description: NetAlertX is a network, presence scanner, and alert framework. A vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes due to a loose...

CVSS 9.4 · AI score 6.6 · EPSS 0.00543
Exploits: 1 · References: 16
RedhatCVE
added 2025/05/29 10:49 p.m. · 6 views

CVE-2025-32440

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVSS 10 · AI score 7 · EPSS 0.00333
Exploits: 0 · References: 1
NVD
added 2025/05/27 10:15 p.m. · 10 views

CVE-2025-32440

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVSS 10 · EPSS 0.00333
Exploits: 0 · References: 2
CVE
added 2025/05/27 9:59 p.m. · 68 views

CVE-2025-32440

CVE-2025-32440 affects NetAlertX before version 25.4.14. An authentication bypass allows updating settings without authentication by crafting requests to /index.php, enabling exploitation of sensitive functions in util.php. The issue is confirmed as patched in version 25.4.14. Impact is described...

CVSS 10 · AI score 9.6 · EPSS 0.00333
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/05/27 9:59 p.m. · 3 views

CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVSS 10 · AI score 7 · EPSS 0.00333
Exploits: 0 · References: 4
Cvelist
added 2025/05/27 9:59 p.m. · 16 views

CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVSS 10 · EPSS 0.00333
Exploits: 0 · References: 2
Vulnrichment
added 2025/05/27 9:59 p.m. · 7 views

CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVSS 10 · AI score 6.9 · EPSS 0.00333
Exploits: 0 · References: 2
CNNVD
added 2025/05/27 12:00 a.m. · 2 views

NetAlertX Access Control Error Vulnerability

NetAlertX is a network intruder and presence detector from individual developer jokob-sk. An access control error vulnerability exists in NetAlertX versions prior to 25.4.14 that stems from a bypass of the authentication mechanism and could lead to an unauthorized update of settings...

CVSS 10 · AI score 6.7 · EPSS 0.00333
Exploits: 0 · References: 3
RedhatCVE
added 2025/05/15 12:10 a.m. · 16 views

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...

CVSS 8.6 · AI score 6.4 · EPSS 0.77665
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/15 12:10 a.m. · 11 views

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVSS 10 · AI score 7.3 · EPSS 0.90959
Exploits: 5
OSV
added 2025/05/13 4:15 p.m. · 2 views

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVSS 10 · AI score 8 · EPSS 0.90959
Exploits: 5 · References: 1
NVD
added 2025/05/13 4:15 p.m. · 9 views

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVSS 10 · EPSS 0.90959
Exploits: 5 · References: 1