CVE-2025-48951 |
Description: Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.14.0 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKs rely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.14.0 contains a patch for the issue.
CVSS: CRITICAL (9.3) EPSS Score: 0.06%
June 3rd, 2025 (2 days ago)
|
CVE-2025-23097 |
Description: An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.
CVSS: CRITICAL (9.1) EPSS Score: 0.02%
June 3rd, 2025 (2 days ago)
|
CVE-2024-23741 |
Description: An issue in Hyper on macOS version 3.4.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
CVSS: CRITICAL (9.8) EPSS Score: 20.72% SSVC Exploitation: poc
June 3rd, 2025 (2 days ago)
|
CVE-2024-23621 |
Description: A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.
CVSS: CRITICAL (10.0) EPSS Score: 0.7% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|
CVE-2024-1143 |
Description: Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.
CVSS: CRITICAL (9.3) EPSS Score: 0.2% SSVC Exploitation: none
June 3rd, 2025 (2 days ago)
|
CVE-2024-0402 |
Description: An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.
CVSS: CRITICAL (9.9) EPSS Score: 31.72% SSVC Exploitation: poc
June 3rd, 2025 (2 days ago)
|
CVE-2025-32106 |
Description: In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code.
CVSS: CRITICAL (9.8) EPSS Score: 0.11%
June 3rd, 2025 (2 days ago)
|
CVE-2025-32105 |
Description: A buffer overflow in the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.13%
June 3rd, 2025 (2 days ago)
|
CVE-2025-45854 |
Description: An arbitrary file upload vulnerability in the component /server/executeExec of JEHC-BPM v2.0.1 allows attackers to execute arbitrary code via uploading a crafted file.
CVSS: CRITICAL (9.8) EPSS Score: 0.07% SSVC Exploitation: poc
June 3rd, 2025 (2 days ago)
|
CVE-2025-44148 |
Description: Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component.
CVSS: CRITICAL (9.8) EPSS Score: 0.29% SSVC Exploitation: poc
June 3rd, 2025 (2 days ago)
|