CVE-2025-48951 |
Description: Auth0-PHP is a PHP SDK for the Auth0 Authentication and Management APIs. Versions from 8.0.0-BETA3 prior to 8.14.0 contain an insecure deserialization vulnerability in their handling of cookie data. Because the SDK processes cookie content before any authentication has taken place, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK directly are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKs rely on Auth0-PHP versions from 8.0.0-BETA3 until 8.14.0. Version 8.14.0 contains a patch for the issue.
CVSS: CRITICAL (9.3)
June 3rd, 2025 (about 8 hours ago)
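The vulnerability class described above, as an added illustration that is not Auth0-PHP's own code and does not reproduce its internals: a cookie handler that calls unserialize() on unauthenticated cookie bytes, beside a hardened handler that HMAC-verifies the cookie before touching its contents and stores only data (JSON) so no object is ever instantiated from it. The class DemoGadget, the function names and the attacker cookie are all hypothetical and constructed for this example; DemoGadget stands in for any class already loaded by the application whose magic method has a side effect.

```php
<?php
declare(strict_types=1);

// Added example for CVE-2025-48951's vulnerability class. Not Auth0-PHP code.
// DemoGadget, the function names and the attacker cookie are hypothetical.

// A class the application loads for legitimate reasons. unserialize() will
// instantiate it from attacker input and PHP will call __destruct() on it.
final class DemoGadget
{
    public string $cmd = 'id';

    public function __destruct()
    {
        // Stand-in for a real side effect (file write, shell_exec, ...).
        // Logging is enough to show the attacker reached this code path.
        $GLOBALS['gadgetLog'][] = "DemoGadget::__destruct ran with cmd={$this->cmd}";
    }
}

// Vulnerable pattern: the cookie is neither authenticated nor type-restricted,
// so a crafted serialized payload drives object instantiation before login.
function readSessionVulnerable(string $cookie): mixed
{
    $raw = base64_decode($cookie, true);
    if ($raw === false) {
        return null;
    }
    return unserialize($raw); // objects rebuilt from attacker-controlled bytes
}

// Hardened pattern: (1) HMAC-verify before parsing, so an unauthenticated
// sender cannot get anything parsed at all; (2) encode the session as JSON,
// which can only ever yield scalars and arrays, never PHP objects.
function writeSessionSafe(array $session, string $secret): string
{
    $payload = base64_encode(json_encode($session, JSON_THROW_ON_ERROR));
    $mac = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;
}

function readSessionSafe(string $cookie, string $secret): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, $secret);
    if (!hash_equals($expected, $mac)) {
        return null; // forged or tampered cookie: never parse its contents
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    $data = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

// Constructed attacker cookie: a hand-written serialized DemoGadget, built the
// way an attacker would from knowledge of classes the application autoloads.
$GLOBALS['gadgetLog'] = [];
$attackerCookie = base64_encode('O:10:"DemoGadget":1:{s:3:"cmd";s:2:"id";}');

readSessionVulnerable($attackerCookie); // object built, then destructed at once
printf("vulnerable handler: %d gadget execution(s)\n", count($GLOBALS['gadgetLog']));

$GLOBALS['gadgetLog'] = [];
$secret = random_bytes(32);
var_dump(readSessionSafe($attackerCookie, $secret));          // NULL: no valid MAC
$cookie = writeSessionSafe(['user' => 'alice'], $secret);
var_dump(readSessionSafe($cookie, $secret));                  // ['user' => 'alice']
printf("hardened handler: %d gadget execution(s)\n", count($GLOBALS['gadgetLog']));
```

If an application cannot move away from PHP's native serialization immediately, `unserialize($raw, ['allowed_classes' => false])` (PHP 7.0+) is a stopgap that stops object instantiation, but it still lets an unauthenticated client feed arbitrary bytes to the parser; authenticating the cookie first and using a data-only encoding removes both problems.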
|
CVE-2024-23621 |
Description: A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.
CVSS: CRITICAL (10.0) EPSS Score: 0.7% SSVC Exploitation: none
June 3rd, 2025 (about 10 hours ago)
|
CVE-2024-1143 |
Description: Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow leakage of user sessions and subsequent authentication bypass.
CVSS: CRITICAL (9.3) EPSS Score: 0.2% SSVC Exploitation: none
June 3rd, 2025 (about 10 hours ago)
|
CVE-2024-0402 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
CVSS: CRITICAL (9.9) EPSS Score: 31.72% SSVC Exploitation: poc
June 3rd, 2025 (about 10 hours ago)
|
CVE-2025-45854 |
Description: An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS: CRITICAL (9.8) SSVC Exploitation: poc
June 3rd, 2025 (about 13 hours ago)
|
CVE-2025-44148 |
Description: Cross-Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary script in a victim's browser via the failure.aspx component.
CVSS: CRITICAL (9.8) SSVC Exploitation: poc
June 3rd, 2025 (about 13 hours ago)
|
CVE-2025-25022 |
Description: IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files.
CVSS: CRITICAL (9.6) SSVC Exploitation: none
June 3rd, 2025 (about 13 hours ago)
|
CVE-2023-4041 |
Description:
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Schneider Electric
Equipment: Wiser AvatarOn 6K Freelocate, Wiser Cuadro H 5P Socket
Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to inject code or bypass authentication.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Schneider Electric products are affected:
Wiser AvatarOn 6K Freelocate: All versions
Wiser Cuadro H 5P Socket: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" versions of Gecko Bootloader.
CVE-2023-4041 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2023-4041. A base score of 9.3 has been calculated; the CVSS vector string is (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Commercial Facilities, Energy
COUNTRI...
CVSS: CRITICAL (9.8)
June 3rd, 2025 (about 13 hours ago)
|
CVE-2025-3755 |
Description:
1. EXECUTIVE SUMMARY
CVSS v3 9.1
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: MELSEC iQ-F Series
Vulnerability: Improper Validation of Specified Index, Position, or Offset in Input
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to read confidential information, cause a denial-of-service condition, or stop operations by sending specially crafted packets.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Mitsubishi Electric MELSEC iQ-F Series are affected. Products with [Note *1] are sold in limited regions:
FX5U-xMy/z x=32, 64, 80, y=T, R, z=ES,DS, ESS, DSS: All versions
FX5UC-xMy/z x=32, 64, 96, y=T, z=D, DSS: All versions
FX5UC-32MT/DS-TS, FX5UC-32MT/DSS-TS, FX5UC-32MR/DS-TS: All versions
FX5UJ-xMy/z x=24, 40, 60, y=T, R, z=ES,DS,ESS,DSS: All versions
FX5UJ-xMy/ES-A[Note *1] x=24, 40, 60, y=T, R: All versions
FX5S-xMy/z x=30, 40, 60, 80[Note *1], y=T, R, z= ES,DS,ESS,DSS: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER VALIDATION OF SPECIFIED INDEX, POSITION, OR OFFSET IN INPUT CWE-1285
This vulnerability allows a remote attacker to read information in the product, cause a Denial-of-Service (DoS) condition in MELSOFT connection communication with Mitsubishi Electric FA products such as GX Works3 and GOT, or stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product is need...
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
June 3rd, 2025 (about 13 hours ago)
|
CVE-2024-23059 |
Description: TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.
CVSS: CRITICAL (9.8) EPSS Score: 2.3% SSVC Exploitation: poc
June 3rd, 2025 (about 14 hours ago)
|