Threat and Vulnerability Intelligence Database

CVE-2024-23613

Description: A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.

CVSS: CRITICAL (10.0)

EPSS Score: 5.78%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (9 days ago)

CVE-2024-20253

Description: A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

CVSS: CRITICAL (9.9)

EPSS Score: 1.17%

SSVC Exploitation: none

Source: CVE
May 29th, 2025 (9 days ago)

CVE-2025-48047

Description: An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.

CVSS: CRITICAL (9.4)

EPSS Score: 0.65%

Source: CVE
May 29th, 2025 (9 days ago)

CVE-2025-3755

Description: Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condition on the CPU module), by sending specially crafted packets. The product must be reset to recover.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
May 29th, 2025 (9 days ago)

Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-2146.

CVSS: CRITICAL (9.8)

EPSS Score: 0.16%

Source: Zero Day Initiative Published Advisories
May 28th, 2025 (10 days ago)

CVE-2025-3357

Description: IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.

CVSS: CRITICAL (9.8)

EPSS Score: 0.26%

Source: CVE
May 28th, 2025 (10 days ago)

CVE-2025-5277

Description: aws-mcp-server MCP server is vulnerable to command injection. An attacker can craft a prompt that once accessed by the MCP client will run arbitrary commands on the host system.

CVSS: CRITICAL (9.4)

EPSS Score: 0.13%

SSVC Exploitation: none

Source: CVE
May 28th, 2025 (10 days ago)
🚨 Marked as known exploited on May 28th, 2025 (10 days ago).
Description: Meet the elite squad that’s hunting the next major cyberattack. With more than 150 years of combined research experience and expert analysis, the Tenable Research Special Operations team arms organizations with the critical and actionable intelligence necessary to proactively defend the modern attack surface. The digital battlefield is constantly shifting. It's no longer enough to just react. We need to anticipate. Massive data breaches leave consumers exposed to identity thieves, ransomware attacks cripple hospitals, and Nation State actors disrupt critical infrastructure. It's not just about vulnerable software anymore. In our hyper-connected world, from the smart devices in your home to the complex systems running our cities, everything is a potential target. The explosion of cloud services and AI is accelerating this risk, creating countless new windows for cybercriminals and hostile nations to exploit. From software and hardware vulnerabilities, to misconfigurations, compromised identities, overexposed and highly privileged environments, and publicly accessible databases, the threat landscape is everywhere, all at once. As of October 2024, over 240,000 Common Vulnerabilities and Exposures (CVEs) have been tracked through the MITRE CVE program, including many that have significantly impacted consumers, businesses and governments. The volume has historically been too much for security teams to keep up with. Beyond the sheer increase in the volume of traditional vulnerab...

CVSS: CRITICAL (9.6)

EPSS Score: 8.83%

Source: Tenable Blog
May 28th, 2025 (10 days ago)

Description: A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in

CVSS: CRITICAL (10.0)

Source: TheHackerNews
May 28th, 2025 (10 days ago)

CVE-2025-27528

Description: Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/11747

CVSS: CRITICAL (9.1)

EPSS Score: 0.11%

Source: CVE
May 28th, 2025 (10 days ago)