CVE-2024-46506 – NetAlertX Unauthenticated Command Injection Vulnerability

May 13, 2025

CVE ID : CVE-2024-46506

Published : May 13, 2025, 4:15 p.m. | 14 minutes ago

Description : NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-48766 – NetAlertX HTTP File Disclosure

Next Article SymbolEditor is a cross stitch symbol editor

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2024-46506 – NetAlertX Unauthenticated Command Injection Vulnerability

CVE-2023-28902 – Skoda MIB3 Infotainment Unit Integer Underflow Denial-of-Service Vulnerability

CVE-2023-28906 – Skoda MIB3 Infotainment Command Injection Vulnerability

Forget AGI – Meta is going after ‘superintelligence’ now

Amsam – image cropping tool

Linus Torvalds Respinge l’Idea di Abilitare DAMON di Default nel Kernel Linux

CVE-2025-6020 – Linux-PAM pam_namespace Path Traversal Privilege Escalation Vulnerability

Skywings Marketing – Top Digital Marketing Agency in Vaishali for Smart Business Solutions

CVE-2025-4264 – PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability

Ubisoft says you don’t own your video games, read the fine print

Developer Spotlight: Reksa Andhika

CVE-2024-46506 – NetAlertX Unauthenticated Command Injection Vulnerability

Related Posts