Threat and Vulnerability Intelligence Database

CVE-2025-30886

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk allows SQL Injection. This issue affects JS Help Desk: from n/a through 2.9.2.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (19 days ago)

CVE-2025-30876

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ads by WPQuads allows SQL Injection. This issue affects Ads by WPQuads: from n/a through 2.0.87.1.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (19 days ago)

CVE-2025-30622

Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in torsteino PostMash allows SQL Injection. This issue affects PostMash: from n/a through 1.0.3.

CVSS: CRITICAL (9.3)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (19 days ago)

CVE-2024-36491

Description: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an administrative user to execute an arbitrary OS command, obtain and/or alter sensitive information, and cause a denial-of-service (DoS) condition.

CVSS: CRITICAL (9.8)

EPSS Score: 0.49%

SSVC Exploitation: none

Source: CVE
April 1st, 2025 (19 days ago)

CVE-2025-24263

Description: A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15.4. An app may be able to observe unprotected user data.

CVSS: CRITICAL (9.8)

EPSS Score: 0.06%

Source: CVE
March 31st, 2025 (19 days ago)

CVE-2024-20439

🚨 Marked as known exploited on April 10th, 2025 (10 days ago).
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CVSS: CRITICAL (9.8)

EPSS Score: 89.45%

Source: All CISA Advisories
March 31st, 2025 (19 days ago)

CVE-2024-20439

Description: Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.

CVSS: CRITICAL (9.8)

EPSS Score: 89.45%

Source: CISA KEV
March 31st, 2025 (19 days ago)

CVE-2025-31122

Description: scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to log in to any account by changing the username in the username field.

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
March 31st, 2025 (19 days ago)

CVE-2025-30223

Description: Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that executes in victims' browsers, potentially leading to session hijacking, credential theft, or account takeover. The vulnerability affects any application using Beego's RenderForm() function with user-provided data. Since it is a high-level function generating an entire form markup, many developers would assume it automatically escapes attributes (the way most frameworks do). This vulnerability is fixed in 2.3.6.

CVSS: CRITICAL (9.3)

EPSS Score: 0.03%

Source: CVE
March 31st, 2025 (19 days ago)
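The Beego entry above describes XSS in an attribute context: a form renderer that writes user-supplied data into HTML attributes without escaping. The Go program below is an added illustration, not Beego's RenderForm() source. It uses a stand-in renderer that fills an input's value attribute from user input, shows a breakout payload turning into a live event-handler attribute, and then shows the same renderer after every interpolated string is passed through html.EscapeString. The field name, payload and helper names are this example's own assumptions.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// Constructed breakout payload: the leading double quote closes the value
// attribute, then an event handler is appended; autofocus fires it without
// any user interaction.
const breakoutPayload = `" autofocus onfocus="alert(document.cookie)`

// renderInputUnsafe splices a user-controlled value straight into an
// attribute. It stands in for the class of mistake the advisory describes;
// it is not Beego's code.
func renderInputUnsafe(name, value string) string {
	return fmt.Sprintf(`<input type="text" name="%s" value="%s">`, name, value)
}

// renderInputSafe passes every interpolated string through html.EscapeString,
// which rewrites < > & ' and " as entities (a double quote becomes &#34;),
// so no value can terminate the attribute it sits in.
func renderInputSafe(name, value string) string {
	return fmt.Sprintf(`<input type="text" name="%s" value="%s">`,
		html.EscapeString(name), html.EscapeString(value))
}

// attributeInjected reports whether the payload escaped the value attribute
// and now appears as a real onfocus attribute in the rendered markup.
func attributeInjected(markup string) bool {
	return strings.Contains(markup, ` onfocus="alert(`)
}

func main() {
	renderers := map[string]func(string, string) string{
		"unsafe": renderInputUnsafe,
		"safe":   renderInputSafe,
	}
	for label, render := range renderers {
		out := render("email", breakoutPayload)
		fmt.Printf("%-6s injected=%-5v %s\n", label, attributeInjected(out), out)
	}
}
```

Running it prints both renderings; in the unsafe one the payload's quote closes `value` and `onfocus` becomes a live attribute, in the safe one the quote is `&#34;` and the whole payload stays inside the attribute. The check is a deliberate string match for the demo. In real Go web code the robust fix is to render through html/template, which selects the escaping for the context of each interpolation instead of relying on every call site to remember html.EscapeString.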

CVE-2025-30004

Description: Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35.

CVSS: CRITICAL (9.1)

EPSS Score: 0.23%

Source: CVE
March 31st, 2025 (19 days ago)
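Every entry above carries a CVSS score, an EPSS score and a source, and the Cisco entry additionally carries a known-exploited marker; the same CVE also appears once per source. The Go program below is an added example, not code from this database. It parses a constructed excerpt laid out like the entries above (scores copied from the page, descriptions dropped), merges records that share a CVE id, and orders them the way a vulnerability-management practitioner would: KEV membership first, then EPSS, with CVSS only as the tie-breaker. The regular expressions, the merge rule and the treatment of "Source: CISA KEV" as a KEV signal are this example's assumptions about the format.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"sort"
	"strconv"
	"strings"
)

// Entry is one CVE as this page lists it, after duplicates are merged.
type Entry struct {
	ID   string
	CVSS float64 // base score, 0-10
	EPSS float64 // probability as a fraction (89.45% -> 0.8945)
	KEV  bool    // on CISA's Known Exploited Vulnerabilities catalog
}

var cveLine = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)
var cvssLine = regexp.MustCompile(`^CVSS:\s*[A-Z]+\s*\(([\d.]+)\)`)
var epssLine = regexp.MustCompile(`^EPSS Score:\s*([\d.]+)%`)

// sampleFeed is a constructed excerpt in the page's layout; scores and
// sources are copied from the entries above, descriptions omitted.
const sampleFeed = `CVE-2025-24263
CVSS: CRITICAL (9.8)
EPSS Score: 0.06%
Source: CVE

CVE-2024-20439
🚨 Marked as known exploited on April 10th, 2025 (10 days ago).
CVSS: CRITICAL (9.8)
EPSS Score: 89.45%
Source: All CISA Advisories

CVE-2024-20439
CVSS: CRITICAL (9.8)
EPSS Score: 89.45%
Source: CISA KEV

CVE-2025-30004
CVSS: CRITICAL (9.1)
EPSS Score: 0.23%
Source: CVE`

// parseFeed walks the text line by line: a bare CVE id opens (or reopens) a
// record and the labelled lines after it fill it in. Repeated ids are merged,
// keeping the KEV flag and the highest score seen. Unknown lines are ignored.
func parseFeed(text string) []Entry {
	byID := map[string]*Entry{}
	var order []string
	var cur *Entry
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		switch {
		case cveLine.MatchString(line):
			if cur = byID[line]; cur == nil {
				cur = &Entry{ID: line}
				byID[line] = cur
				order = append(order, line)
			}
		case cur == nil:
		case cvssLine.MatchString(line):
			v, _ := strconv.ParseFloat(cvssLine.FindStringSubmatch(line)[1], 64)
			cur.CVSS = math.Max(cur.CVSS, v)
		case epssLine.MatchString(line):
			pct, _ := strconv.ParseFloat(epssLine.FindStringSubmatch(line)[1], 64)
			cur.EPSS = math.Max(cur.EPSS, pct/100)
		case strings.Contains(line, "Marked as known exploited"), line == "Source: CISA KEV":
			cur.KEV = true
		}
	}
	out := make([]Entry, 0, len(order))
	for _, id := range order {
		out = append(out, *byID[id])
	}
	return out
}

// rank orders entries for remediation: KEV first, then EPSS, then CVSS as the
// tie-breaker. Sorting on CVSS alone would put the 9.8 macOS issue ahead of
// the 9.1 CompletePBX root command injection; the exploitation signal disagrees.
func rank(entries []Entry) []Entry {
	out := append([]Entry(nil), entries...)
	sort.SliceStable(out, func(i, j int) bool {
		a, b := out[i], out[j]
		if a.KEV != b.KEV {
			return a.KEV
		}
		if a.EPSS != b.EPSS {
			return a.EPSS > b.EPSS
		}
		return a.CVSS > b.CVSS
	})
	return out
}

func main() {
	for i, e := range rank(parseFeed(sampleFeed)) {
		fmt.Printf("%d. %s KEV=%v EPSS=%.2f%% CVSS=%.1f\n", i+1, e.ID, e.KEV, e.EPSS*100, e.CVSS)
	}
}
```

On the excerpt this prints CVE-2024-20439 first (on KEV, EPSS 89.45%), then CVE-2025-30004 (EPSS 0.23%) ahead of CVE-2025-24263 despite the latter's higher CVSS. Pointed at a real export of this feed, the only change needed is reading the text from a file instead of the constant; the SSVC line and the date lines fall through the switch untouched.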