CVE-2025-3248 |
🚨 Marked as known exploited on April 13th, 2025 (6 days ago).
Description: Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
CVSS: CRITICAL (9.8) EPSS Score: 80.22%
April 7th, 2025 (12 days ago)
|
CVE-2025-32013 |
Description: LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request to that URL using the httpx library with redirect following enabled. The application doesn't properly validate the callback URL, allowing attackers to specify internal network addresses and access internal resources.
CVSS: CRITICAL (9.3) EPSS Score: 0.02%
April 6th, 2025 (13 days ago)
|
CVE-2025-2941 |
Description: The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the wc-upload-file[] parameter in all versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php).
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
April 5th, 2025 (14 days ago)
|
CVE-2025-22457 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an affected system.
CISA has added CVE-2025-22457 to its Known Exploited Vulnerabilities Catalog.
See the following resources for more guidance:
April Security Update | Ivanti
April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457)
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) | Google Cloud Blog
For any instances of Ivanti Connect Secure that were not updated by Feb. 28, 2025, to the latest Ivanti patch (22.7R2.6) and all instances of Pulse Connect Secure (EoS), Policy Secure, and ZTA Gateways, CISA urges users and administrators to implement the following actions:
Conduct threat hunting actions:
Run an external Integrity Checker Tool (ICT). For more guidance, see Ivanti’s instructions.
Conduct threat hunt actions on any systems connected to—or recently connected to—the affected Ivanti device.
If threat hunting actions determine no compromise:
For the highest level of confidence, conduct a factory reset.
For Cloud and Virtual systems, conduct a factory reset using an external known clean image of the device.
Apply the patch described in Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457). Please note that patches for Ivanti...
CVSS: CRITICAL (9.0) EPSS Score: 9.86%
April 4th, 2025 (15 days ago)
|
CVE-2025-22457 |
🚨 Marked as known exploited on April 10th, 2025 (9 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-22457 Ivanti Connect Secure, Policy Secure and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.
Security Update: Pulse Connect Secure, Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateway
CISA Mitigation Instructions for CVE-2025-22457
Organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-...
CVSS: CRITICAL (9.0) EPSS Score: 9.86%
April 4th, 2025 (15 days ago)
|
CVE-2024-11235 |
Description: In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving the __set handler or the ??= operator and exceptions can lead to a use-after-free vulnerability. If a third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
CVSS: CRITICAL (9.2) EPSS Score: 0.27%
April 4th, 2025 (15 days ago)
|
CVE-2025-22457 |
Description: Ivanti Connect Secure, Policy Secure and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
CVSS: CRITICAL (9.0) EPSS Score: 9.86%
April 4th, 2025 (15 days ago)
|
Description: Summary
A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server.
Details
There is an unsafe code segment in serde.py:
def deserialize_value(self, payload: Payload) -> t.Any:
    if "buffer-lengths" not in payload.metadata:
        return pickle.loads(b"".join(payload.data))
Through data flow analysis, it is confirmed that the payload content is sourced from an HTTP request, which can be fully manipulated by the attacker. Due to the lack of validation in the code, maliciously crafted serialized data can execute harmful actions during deserialization.
PoC
Environment:
Server host:
IP: 10.98.36.123
OS: Ubuntu
Attack host:
IP: 10.98.36.121
OS: Ubuntu
Follow the instructions in the BentoML official README (https://github.com/bentoml/BentoML) to set up the environment.
1.1 Install BentoML (Server host: 10.98.36.123):
pip install -U bentoml
1.2 Define APIs in a service.py file (Server host: 10.98.36.123):
from __future__ import annotations
import bentoml

@bentoml.service(
    resources={"cpu": "4"}
)
class Summarization:
    def __init__(self) -> None:
        import torch
        from transformers import pipeline
        device = "cuda" if torch.cuda.is_available() else "cpu"
        self.pipeline = pipeline('summarization', device=device)

    @bentoml.api(batchable=True)
    def summarize(self, texts: list...
CVSS: CRITICAL (9.8) EPSS Score: 41.91%
April 4th, 2025 (15 days ago)
|
CVE-2025-32118 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 4th, 2025 (15 days ago)
|
CVE-2025-31480 |
Description: aiven-extras is a PostgreSQL extension. This is a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages the format function not being schema-prefixed. Affected users should install 1.1.16 and ensure they run the latest version issuing ALTER EXTENSION aiven_extras UPDATE TO '1.1.16' after installing it. This needs to happen in each database aiven_extras has been installed in.
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
April 4th, 2025 (15 days ago)
|