Threat and Vulnerability Intelligence Database

CVE-2024-41195

Description: An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.

CVSS: CRITICAL (9.8)

EPSS Score: 0.02%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2024-6914

Description: An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges. This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2024-23687

Description: Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

CVSS: CRITICAL (9.1)

EPSS Score: 0.31%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-2410

Description: Port manipulation vulnerabilities in ASPECT provide attackers with the ability to control TCP/IP port access if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS: CRITICAL (9.1)

EPSS Score: 0.06%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-2409

Description: File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS: CRITICAL (9.1)

EPSS Score: 0.05%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2024-48853

Description: An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-4632

Description: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority.

CVSS: CRITICAL (9.8)

EPSS Score: 57.86%

Source: CISA KEV
May 22nd, 2025 (16 days ago)

CVE-2025-32814

Description: An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.

CVSS: CRITICAL (9.8)

EPSS Score: 0.04%

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-3484

Description: MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25853.

CVSS: CRITICAL (9.8)

EPSS Score: 0.46%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)

CVE-2025-3483

Description: MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25825.

CVSS: CRITICAL (9.8)

EPSS Score: 0.46%

SSVC Exploitation: none

Source: CVE
May 22nd, 2025 (16 days ago)