Threat and Vulnerability Intelligence Database

CVE-2024-23978

Description: Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.

CVSS: CRITICAL (9.8)

EPSS Score: 0.27%

SSVC Exploitation: none

Source: CVE
May 15th, 2025 (23 days ago)

CVE-2024-22902

Description: Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (23 days ago)

CVE-2024-22901

Description: Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.

CVSS: CRITICAL (9.8)

EPSS Score: 0.08%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (23 days ago)

CVE-2024-22852

Description: D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.

CVSS: CRITICAL (9.8)

EPSS Score: 2.55%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (23 days ago)

CVE-2024-25400

Description: Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php. NOTE: this is disputed by multiple third parties because it refers to an HTTP request to a PHP file that only contains a class, without any mechanism for accepting external input, and the reportedly vulnerable method is not present in the file.

CVSS: CRITICAL (9.8)

EPSS Score: 0.36%

SSVC Exploitation: poc

Source: CVE
May 15th, 2025 (23 days ago)

CVE-2025-4632

Description: CVE-2025-4632, a patch bypass for a Samsung MagicInfo 9 Server vulnerability disclosed last year, has been exploited by threat actors in the wild.

CVSS: CRITICAL (9.8)

EPSS Score: 57.86%

Source: Dark Reading
May 15th, 2025 (23 days ago)

Description: Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-24780
https://lists.apache.org/thread/xphtm98v3zsk9vlpfh481m1ry2ctxvmj
http://www.openwall.com/lists/oss-security/2025/05/14/2
https://github.com/apache/iotdb/pull/14365
https://github.com/advisories/GHSA-f4rq-f4j9-f6rm

CVSS: CRITICAL (9.8)

EPSS Score: 0.38%

Source: Github Advisory Database (Maven)
May 15th, 2025 (23 days ago)

Description: Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.1.0.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-4641
https://github.com/bonigarcia/webdrivermanager/pull/1458
https://github.com/advisories/GHSA-pwm3-776c-8q7q

CVSS: CRITICAL (9.3)

EPSS Score: 0.07%

Source: Github Advisory Database (Maven)
May 15th, 2025 (23 days ago)

CVE-2025-42999

Description: SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

CVSS: CRITICAL (9.1)

EPSS Score: 14.71%

Source: CISA KEV
May 15th, 2025 (23 days ago)

CVE-2025-31324

Description: As threat actors continue to hop on the train of exploiting CVE-2025-31324, researchers are recommending that SAP administrators patch as soon as possible so that they don't fall victim next.

CVSS: CRITICAL (10.0)

EPSS Score: 78.65%

Source: Dark Reading
May 15th, 2025 (23 days ago)