VYPR

NetAlertX

by NetAlertX

Source repositories

CVEs (4)

  • CVE-2024-46506CriMay 13, 2025
    risk 0.73cvss 10.0epss 0.62

    NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via settings update because function=savesettings lacks an authentication requirement, as exploited in the wild in May 2025. This is related to settings.php and util.php.

  • CVE-2025-32440CriMay 27, 2025
    risk 0.65cvss 10.0epss 0.01

    NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted…

  • CVE-2024-48766HigMay 13, 2025
    risk 0.64cvss 8.6epss 0.68

    NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.

  • CVE-2025-48952CriJul 4, 2025
    risk 0.61cvss 9.4epss 0.01

    NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application,…