CVE-2024-3057 |
Description: A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
CVSS: CRITICAL (9.8) EPSS Score: 0.1% SSVC Exploitation: none
April 10th, 2025 (9 days ago)
|
CVE-2025-32743 |
Description: In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c can be NULL or an empty string when the TC (Truncated) bit is set in a DNS response. This allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code, because those lookup values lead to incorrect length calculations and incorrect memcpy operations.
CVSS: CRITICAL (9.0) EPSS Score: 0.09%
April 10th, 2025 (9 days ago)
|
CVE-2025-22375 |
Description: An authentication bypass vulnerability was found in Videx's CyberAudit-Web. Through the exploitation of a logic flaw, an attacker could create a valid session without any credentials. This vulnerability has been patched in versions later than 9.5 and a patch has been made available to all instances of CyberAudit-Web, including the versions that are End of Maintenance (EOM). Anyone that requires support with the resolution of this issue can contact [email protected] for assistance.
CVSS: CRITICAL (9.3) EPSS Score: 0.07%
April 10th, 2025 (9 days ago)
|
CVE-2025-32206 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 10th, 2025 (9 days ago)
|
CVE-2025-32202 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress allows Upload a Web Shell to a Web Server. This issue affects Insert or Embed Articulate Content into WordPress: from n/a through 4.3000000025.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 10th, 2025 (9 days ago)
|
CVE-2025-32140 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Nirmal Kumar Ram WP Remote Thumbnail allows Upload a Web Shell to a Web Server. This issue affects WP Remote Thumbnail: from n/a through 1.3.1.
CVSS: CRITICAL (9.9) EPSS Score: 0.05%
April 10th, 2025 (9 days ago)
|
CVE-2025-27690 |
Description: Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account.
CVSS: CRITICAL (9.8) EPSS Score: 0.1%
April 10th, 2025 (10 days ago)
|
CVE-2024-58136 |
🚨 Marked as known exploited on April 10th, 2025 (10 days ago).
Description: Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
CVSS: CRITICAL (9.0) EPSS Score: 0.07%
April 10th, 2025 (10 days ago)
|
CVE-2025-32461 |
Description: wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3.
CVSS: CRITICAL (9.9) EPSS Score: 0.08% SSVC Exploitation: none
April 9th, 2025 (10 days ago)
|
CVE-2025-3115 |
Description: Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution.
CVSS: CRITICAL (9.4) EPSS Score: 0.08% SSVC Exploitation: none
April 9th, 2025 (10 days ago)
|