CVE-2024-48766 – NetAlertX HTTP File Disclosure

May 13, 2025

CVE ID : CVE-2024-48766

Published : May 13, 2025, 4:15 p.m. | 14 minutes ago

Description : NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-22462 – Ivanti Neurons for ITSM Authentication Bypass Vulnerability

Next Article CVE-2024-46506 – NetAlertX Unauthenticated Command Injection Vulnerability

Highlights

CVE-2024-8988 – PeepSo Core: File Uploads Plugin WordPress Insecure Direct Object Reference

May 14, 2025

CVE ID : CVE-2024-8988

Published : May 14, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download files uploaded by others users and expose potentially sensitive information.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2024-48766 – NetAlertX HTTP File Disclosure

Qilin Ransomware Attack on NHS Causes Patient Death in the UK

CVE-2025-6817 – HDF5 Resource Consumption Denial of Service

CVE-2025-32978 – Quest KACE Systems Management Appliance License Replacement Vulnerability

CVE-2025-32926 – ThemeGoods Grand Restaurant WordPress Path Traversal Vulnerability

The next big Silent HIll game is coming to Xbox and PC sooner than you think

Bilt Rewards now lets you pay your student loans with points

CVE-2024-8988 – PeepSo Core: File Uploads Plugin WordPress Insecure Direct Object Reference

CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0

Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port

Distribution Release: Raspberry Pi OS 2025-05-06

CVE-2024-48766 – NetAlertX HTTP File Disclosure

Related Posts