Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-41195
An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator...
Description: An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

CVSS: CRITICAL (9.8)

EPSS Score: 0.02%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2024-6914
Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover
Description: An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges. This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2024-23687
FOLIO mod-data-export-spring Hard-Coded Credentials
Description: Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

CVSS: CRITICAL (9.1)

EPSS Score: 0.31%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-2410
Admin Authorized Port (iptables) manipulation (open/close/disable ports)
Description: Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS: CRITICAL (9.1)

EPSS Score: 0.06%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-2409
Admin Authorized System File corruption
Description: File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2024-48853
Authenticated Escalation to guest to root
Description: An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-4632
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Description: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

CVSS: CRITICAL (9.8)

EPSS Score: 57.86%

Source: CISA KEV
May 22nd, 2025 (16 days ago)

CVE-2025-32814
An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
Description: An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-3484
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Description: MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25853.

CVSS: CRITICAL (9.8)

EPSS Score: 0.46%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-3483
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Description: MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25825.

CVSS: CRITICAL (9.8)

EPSS Score: 0.46%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)