CVE-2025-1974 |
Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS: CRITICAL (9.8) EPSS Score: 75.83%
March 25th, 2025 (27 days ago)
|
CVE-2025-26512 |
Description: SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.
CVSS: CRITICAL (9.9) EPSS Score: 0.04%
March 24th, 2025 (27 days ago)
|
CVE-2024-24402 |
Description: An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
CVSS: CRITICAL (9.8) EPSS Score: 14.54% SSVC Exploitation: none
March 24th, 2025 (27 days ago)
|
CVE-2024-1355 |
Description: A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
CVSS: CRITICAL (9.1) EPSS Score: 0.26% SSVC Exploitation: none
March 24th, 2025 (27 days ago)
|
CVE-2025-2747 |
Description: An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178.
CVSS: CRITICAL (9.8) EPSS Score: 0.12%
March 24th, 2025 (27 days ago)
|
CVE-2025-2746 |
Description: An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.172.
CVSS: CRITICAL (9.8) EPSS Score: 0.12%
March 24th, 2025 (27 days ago)
|
CVE-2025-30615 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Code Injection. This issue affects WP e-Commerce Style Email: from n/a through 0.6.2.
CVSS: CRITICAL (9.6) EPSS Score: 0.02%
March 24th, 2025 (27 days ago)
|
CVE-2025-30528 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in wpshopee Awesome Logos allows SQL Injection. This issue affects Awesome Logos: from n/a through 1.2.
CVSS: CRITICAL (9.3) EPSS Score: 0.02%
March 24th, 2025 (27 days ago)
|
CVE-2025-1864 |
Description: Nessus Plugin ID 233284 with Critical Severity
Synopsis
The remote openSUSE host is missing one or more security updates.
Description
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0101-1 advisory.
- CVE-2025-1864: Fix buffer overflow and potential code execution. (boo#1238451)
- CVE-2025-1744: Fix heap-based buffer over-read or buffer overflow. (boo#1238075)
Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected radare2, radare2-devel and / or radare2-zsh-completion packages.
Read more at https://www.tenable.com/plugins/nessus/233284
CVSS: CRITICAL (10.0) EPSS Score: 0.05%
March 24th, 2025 (27 days ago)
|
CVE-2025-29927 |
Description: A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.
The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0.
"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an
CVSS: CRITICAL (9.1) EPSS Score: 91.42%
March 24th, 2025 (27 days ago)
|