CVE-2025-48200
Description: The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
CVSS: CRITICAL (10.0) EPSS Score: 0.26%
May 21st, 2025
CVE-2025-4008
Description: The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C.
This web interface exposes an endpoint that is vulnerable to command injection.
Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
CVSS: CRITICAL (9.4) EPSS Score: 2.88%
May 21st, 2025
CVE-2023-23397
Description: Executive Summary
This joint cybersecurity advisory (CSA) highlights a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies. This includes those involved in the coordination, transport, and delivery of foreign assistance to Ukraine. Since 2022, Western logistics entities and IT companies have faced an elevated risk of targeting by the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (85th GTsSS), military unit 26165—tracked in the cybersecurity community under several names (see “Cybersecurity Industry Tracking”). The actors’ cyber espionage-oriented campaign, targeting technology companies and logistics entities, uses a mix of previously disclosed tactics, techniques, and procedures (TTPs). The authoring agencies expect similar targeting and TTP use to continue.
Executives and network defenders at logistics entities and technology companies should recognize the elevated threat of unit 26165 targeting, increase monitoring and threat hunting for known TTPs and indicators of compromise (IOCs), and posture network defenses with a presumption of targeting.
This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors’ wide scale targeting of IP cameras in Ukraine and bordering NATO nations.
The following authors and co-sealers are releasing this CSA:
United States National Secur...
CVSS: CRITICAL (9.8)
May 21st, 2025
CVE-2025-41232
Description: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass.
Your application may be affected by this if the following are true:
* You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and
* You have Spring Security method annotations on a private method
In that case, the target method may be able to be invoked without proper authorization.
You are not affected if:
* You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or
* You have no Spring Security-annotated private methods
CVSS: CRITICAL (9.1) EPSS Score: 0.05%
May 21st, 2025
CVE-2025-4524
Description: The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS: CRITICAL (9.8) EPSS Score: 0.26%
May 21st, 2025
CVE-2025-4094
Description: The DIGITS: WordPress Mobile Number Signup and Login WordPress plugin before 8.4.6.1 does not rate limit OTP validation attempts, making it straightforward for attackers to brute-force them.
CVSS: CRITICAL (9.8) EPSS Score: 0.54%
May 21st, 2025
CVE-2025-44898
Description: FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the theauthName parameter in the web_aaa_loginAuthlistEdit function.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 20th, 2025
CVE-2025-44897
Description: FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the bytftp_srvip parameter in the web_tool_upgradeManager_post function.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 20th, 2025
CVE-2025-44888
Description: FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the stp_conf_name parameter in the web_stp_globalSetting_post function.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 20th, 2025
CVE-2025-44887
Description: FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the radIpkey parameter in the web_radiusSrv_post function.
CVSS: CRITICAL (9.8) EPSS Score: 0.05%
May 20th, 2025