CVE-2024-50603 |
Description: Critical Vulnerability Alert: CVE-2024-50603 Critical Command Injection Vulnerability in Aviatrix Controller
CVSS: CRITICAL (10.0) EPSS Score: 92.43%
January 9th, 2025 (3 months ago)
|
CVE-2025-0282 |
Description: Ivanti has disclosed a critical zero-day vulnerability (CVE-2025-0282) actively exploited in the wild, affecting Ivanti Connect Secure (ICS) VPN appliances. The flaw, a stack-based buffer overflow, allows unauthenticated remote code execution, potentially compromising entire network infrastructures. Ivanti has released a patch and strongly advises immediate updates to ICS version 22.7R2.5 or higher. The advisory also …
The post "Hackers Exploiting Critical Ivanti VPN Code Execution Vulnerability" appeared first on CyberInsider.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (3 months ago)
|
CVE-2025-0282 |
Description: Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024.
The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (3 months ago)
|
CVE-2025-22141 |
Description: WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.
CVSS: CRITICAL (9.4) EPSS Score: 0.04%
January 9th, 2025 (3 months ago)
|
CVE-2025-22140 |
WeGIA SQL Injection (Blind Time-Based) endpoint 'dependente_listar_um.php' parameter 'id_dependente'
Description: WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8.
CVSS: CRITICAL (9.4) EPSS Score: 0.04%
January 9th, 2025 (3 months ago)
|
CVE-2025-22137 |
Description: Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
January 9th, 2025 (3 months ago)
|
CVE-2025-0282 |
🚨 Marked as known exploited on January 8th, 2025 (3 months ago).
Description: A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 15.33%
January 9th, 2025 (3 months ago)
|
CVE-2024-11635 |
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 9th, 2025 (3 months ago)
|
CVE-2024-11613 |
Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
CVSS: CRITICAL (9.8) EPSS Score: 0.15%
January 9th, 2025 (3 months ago)
|
CVE-2024-11350 |
Description: The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators', and leverage that to gain access to their accounts.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
January 9th, 2025 (3 months ago)
|