EUVD-2025-16309

Malicious code in bioql PyPI...

CVE-2025-48952

NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password...

PT-2025-28025 · Netalertx · Netalertx

Name of the Vulnerable Software and Affected Versions: NetAlertX versions prior to 25.6.7 Description: NetAlertX is a network, presence scanner, and alert framework. A vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes due to a loose...

CVE-2025-32440

CVE-2025-32440 affects NetAlertX before version 25.4.14. An authentication bypass allows updating settings without authentication by crafting requests to /index.php, enabling exploitation of sensitive functions in util.php. The issue is confirmed as patched in version 25.4.14. Impact is described...

CVE-2025-32440 NetAlertX Vulnerable to Authentication Bypass

NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to...

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...

CVE-2024-46506

NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php...

CVE-2024-48766

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php...

NetAlertX File Read Vulnerability

This module exploits improper authentication in logs.php endpoint. An unathenticated attacker can request log file and read any file due path traversal vulnerability. Module Options msf use auxiliary/scanner/http/netalertxfileread msf auxiliarynetalertxfileread show actions ...actions... msf...

NetAlertX 24.9.12 Command Injection

An attacker can update NetAlertX settings with no authentication, which results in command injection. Versions 23.01.14 through 24.9.12 are affected. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...