VYPR

NetAlertX

by Rhino Security Labs

CVEs (1)

  • CVE-2024-46506CriMay 13, 2025
    risk 0.73cvss 10.0epss 0.62

    NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.