CVE-2024-23978 |
Description: Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.
CVSS: CRITICAL (9.8) EPSS Score: 0.27% SSVC Exploitation: none
May 15th, 2025 (23 days ago)
|
CVE-2024-22902 |
Description: Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.
CVSS: CRITICAL (9.8) EPSS Score: 0.08% SSVC Exploitation: poc
May 15th, 2025 (23 days ago)
|
CVE-2024-22901 |
Description: Vinchin Backup & Recovery v7.2 was discovered to use default MySQL credentials.
CVSS: CRITICAL (9.8) EPSS Score: 0.08% SSVC Exploitation: poc
May 15th, 2025 (23 days ago)
|
CVE-2024-22852 |
Description: D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.
CVSS: CRITICAL (9.8) EPSS Score: 2.55% SSVC Exploitation: poc
May 15th, 2025 (23 days ago)
|
CVE-2024-25400 |
Description: Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.
CVSS: CRITICAL (9.8) EPSS Score: 0.36% SSVC Exploitation: poc
May 15th, 2025 (23 days ago)
|
CVE-2025-4632 |
Description: CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.
CVSS: CRITICAL (9.8) EPSS Score: 57.86%
May 15th, 2025 (23 days ago)
|
Description: Remote code execution via an untrusted UDF URI in Apache IoTDB. An attacker who has the privilege to create a UDF can register a malicious function from an untrusted URI.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.
Users are recommended to upgrade to version 1.3.4, which fixes the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-24780
https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj
http://www.openwall.com/lists/oss-security/2025/05/14/2
https://github.com/apache/iotdb/pull/14365
https://github.com/advisories/GHSA-f4rq-f4j9-f6rm
CVSS: CRITICAL (9.8) EPSS Score: 0.38%
May 15th, 2025 (23 days ago)
|
Description: Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, macOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java.
This issue affects webdrivermanager: from 1.0.0 before 6.1.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-4641
https://github.com/bonigarcia/webdrivermanager/pull/1458
https://github.com/advisories/GHSA-pwm3-776c-8q7q
CVSS: CRITICAL (9.3) EPSS Score: 0.07%
May 15th, 2025 (23 days ago)
|
CVE-2025-42999 |
Description: SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.
CVSS: CRITICAL (9.1) EPSS Score: 14.71%
May 15th, 2025 (23 days ago)
|
CVE-2025-31324 |
Description: As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.
CVSS: CRITICAL (10.0) EPSS Score: 78.65%
May 15th, 2025 (23 days ago)
|