CVE-2025-32491
Description: Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through 2.2.3.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
April 11th, 2025 (8 days ago)
CVE-2025-31599
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 11th, 2025 (8 days ago)
CVE-2025-31565
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSmartContracts WPSmartContracts allows Blind SQL Injection. This issue affects WPSmartContracts: from n/a through 2.0.10.
CVSS: CRITICAL (9.3) EPSS Score: 0.04%
April 11th, 2025 (8 days ago)
CVE-2025-2636
Description: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.1.0.85 via the 'instawp-database-manager' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
April 11th, 2025 (8 days ago)
CVE-2024-29873
Description: SQL injection vulnerability in Sentrifugo 3.2 via the 'bunitname' parameter of /sentrifugo/index.php/reports/businessunits/format/html. Exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.
CVSS: CRITICAL (9.8) EPSS Score: 0.22% SSVC Exploitation: none
April 10th, 2025 (9 days ago)
CVE-2024-25652
Description: In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.
CVSS: CRITICAL (9.8) EPSS Score: 0.09% SSVC Exploitation: none
April 10th, 2025 (9 days ago)
CVE-2024-28386
Description: An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.
CVSS: CRITICAL (9.8) EPSS Score: 0.47% SSVC Exploitation: none
April 10th, 2025 (9 days ago)
CVE-2024-54092
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Edge Devices
Vulnerability: Weak Authentication
2. RISK EVALUATION
Successful exploitation of the vulnerability could allow an unauthenticated attacker to bypass authentication and impersonate a legitimate user.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
Siemens Industrial Edge Own Device (IEOD): All versions prior to V1.21.1-1-a
Siemens Industrial Edge Virtual Device: All versions prior to V1.21.1-1-a
Siemens SCALANCE LPE9413 (6GK5998-3GS01-2AC2): All versions
Siemens SIMATIC IPC127E Industrial Edge Device: All versions prior to V3.0
Siemens SIMATIC IPC227E Industrial Edge Device: All versions prior to V3.0
Siemens SIMATIC IPC427E Industrial Edge Device: All versions
Siemens SIMATIC IPC847E Industrial Edge Device: All versions prior to V3.0
Siemens SIMATIC IPC BX-39A Industrial Edge Device: All versions prior to V3.0
Siemens SIMATIC IPC BX-59A Industrial Edge Device: All versions prior to V3.0
3.2 VULNERABILITY OVERVIEW
3.2.1 WEAK AUTHENTICATION CWE-1390
The affected devices do not...
CVSS: CRITICAL (9.8) EPSS Score: 0.2%
April 10th, 2025 (9 days ago)
CVE-2024-41788
Description: As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
CVSS v4 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: SENTRON 7KT PAC1260 Data Manager
Vulnerabilities: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Missing Authentication for Critical Function, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Use of Hard-coded Credentials, Cross-Site Request Forgery (CSRF), Unverified Password Change
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary code with root privileges or allow an unauthenticated remote attacker to read or clear the log files on the device, reset the device, set the date and time, access arbitrary files on the device with root privileges, or enable remote access to the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
SENTRON 7KT PAC1260 Data Manager: All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78
The web interface of aff...
CVSS: CRITICAL (9.1) EPSS Score: 0.27%
April 10th, 2025 (9 days ago)
Description: Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk.
The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for
CVSS: CRITICAL (9.0)
April 10th, 2025 (9 days ago)