CVE-2025-1093
Description: The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS: CRITICAL (9.8)
April 19th, 2025

CVE-2025-3278
Description: The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
CVSS: CRITICAL (9.8)
April 19th, 2025

CVE-2025-32434
Description: PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
CVSS: CRITICAL (9.3)
April 18th, 2025

Description: ASUS AiCloud Vulnerability (CVE-2025-2492) Enables Remote Function Execution via Authentication Bypass
CVSS: CRITICAL (9.2) EPSS Score: 0.1%
April 18th, 2025

Description: Proof-of-concept code has been released after researchers disclosed a maximum severity remote code execution vulnerability in Erlang/OTP SSH. Successful exploitation could allow for complete takeover of affected devices.

Background

On April 16, Fabian Bäumer, Marcus Brinkmann, Marcel Maehren, and Jörg Schwenk of the Ruhr University Bochum in Germany disclosed a critical vulnerability in Erlang/OTP SSH to the OpenWall vulnerability mailing list. Additionally, an official advisory was posted to the GitHub project for Erlang/OTP crediting the researchers for their disclosure.

CVE: CVE-2025-32433
Description: Erlang/OTP SSH Remote Code Execution Vulnerability
CVSSv3: 10.0
VPR: 10*

*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on April 18 and reflects VPR at that time.

Analysis

CVE-2025-32433 is a remote code execution (RCE) vulnerability affecting the Erlang/OTP SSH server. The vulnerability exists due to a flaw in the SSH protocol message handling which could allow an unauthenticated attacker to execute arbitrary code. According to the advisory, all users running Erlang/OTP SSH servers are impacted and should assume impact if their application utilizes the Erlang/OTP SSH library. This vulnerability received the maximum CVSSv3 score of 10.0 and, when the SSH daemon is running as root, allows an attacker to completely compromise an affected device.

At the time this blog was published, no known exploitation has been observed, howev...
CVSS: CRITICAL (10.0) EPSS Score: 0.39%
April 18th, 2025

Description: A critical vulnerability tracked as CVE-2025-2492 has been disclosed in ASUS routers running AiCloud, potentially allowing remote attackers to execute unauthorized functions without authentication. The flaw, rated 9.2 (Critical) under the CVSS 4.0 system, affects multiple firmware versions and underscores the continued risk posed by exposed cloud-enabled features in consumer networking devices. The vulnerability was …
The post Critical Authentication Flaw in ASUS AiCloud Exposes Routers to Remote Attacks appeared first on CyberInsider.
CVSS: CRITICAL (9.2) EPSS Score: 0.1%
April 18th, 2025

CVE-2025-2492
Description: An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions.
Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information.
CVSS: CRITICAL (9.2) EPSS Score: 0.1%
April 18th, 2025

CVE-2025-1863
Description: Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 18th, 2025

CVE-2025-39471
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pantherius Modal Survey. This issue affects Modal Survey: from n/a through 2.0.2.0.1.
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
April 18th, 2025

CVE-2025-42599
Description: Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
CVSS: CRITICAL (9.8) EPSS Score: 0.27%
April 18th, 2025