Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: CVE-2025-2071: OS Command Injection Vulnerability in FAST LTA Silent Brick WebUI
CVSS: CRITICAL (10.0) EPSS Score: 1.05%
March 31st, 2025 (20 days ago)
|
CVE-2025-29266 |
Description: Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.
CVSS: CRITICAL (9.6) EPSS Score: 0.1%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-3022 |
Description: Os command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint.
CVSS: CRITICAL (9.3) EPSS Score: 0.69%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-2071 |
Description: A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could allow attackers to execute arbitrary commands on the affected system, potentially resulting in unauthorized access, data leakage, or full system compromise. Affected WebUI parameters are "hd" and "pi".
CVSS: CRITICAL (10.0) EPSS Score: 1.05%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-26689 |
Description: Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If a remote attacker sends a specially crafted HTTP request to the product, the product data may be obtained or deleted, and/or the product settings may be altered.
CVSS: CRITICAL (9.8) EPSS Score: 0.25%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-25211 |
Description: Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-3011 |
Description: SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-1268 |
Description: Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
CVSS: CRITICAL (9.4) EPSS Score: 0.08%
March 31st, 2025 (20 days ago)
|
|
CVE-2025-2266 |
Description: The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
March 29th, 2025 (22 days ago)
|
|
CVE-2024-1735 |
Description: A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.
CVSS: CRITICAL (9.1) EPSS Score: 0.06% SSVC Exploitation: none
March 29th, 2025 (22 days ago)
|